CVE-2016-4430

See a problem?
Please try reporting it to the source first.
Source
https://nvd.nist.gov/vuln/detail/CVE-2016-4430
Import Source
https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2016-4430.json
JSON Data
https://api.osv.dev/v1/vulns/CVE-2016-4430
Aliases
Published
2016-07-04T22:59:05.337Z
Modified
2025-11-20T10:27:01.278569Z
Severity
  • 8.8 (High) CVSS_V3 - CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H CVSS Calculator
Summary
[none]
Details

Apache Struts 2 2.3.20 through 2.3.28.1 mishandles token validation, which allows remote attackers to conduct cross-site request forgery (CSRF) attacks via unspecified vectors.

References

Affected packages

Git / github.com/apache/struts

Affected ranges

Type
GIT
Repo
https://github.com/apache/struts
Events
Introduced
0 Unknown introduced commit / All previous commits are affected
Last affected
0320310406f6b11cfd235d7a9b866cf1de483a1e
Last affected
0ac8932aa3a1b28a8f950863c17165cdc63b1474
Last affected
2cf0a7efeb12c8f476e31324dc56456b340ddeab
Last affected
36b6fff05cd4a17f75b091c0edd52e0c1e65ec06
Last affected
7a9863169f7d981be0d2d57437974ae2cc0c8bd3
Last affected
925741ad1e8e48c7a6d687fe02d3fdb6386eb64c
Last affected
a9974eec5689a7113a6fb1e2096252f0935064dd
Last affected
bbbf43ec59e7bef3b07e9065dc9784c18a95d58b

Affected versions

Other

STRUTS_2_2_1
STRUTS_2_3_14
STRUTS_2_3_16_1
STRUTS_2_3_16_2
STRUTS_2_3_16_3
STRUTS_2_3_17
STRUTS_2_3_19
STRUTS_2_3_20