| Max CVSS | 7.5 | Min CVSS | 5.0 | Total Count | 2 |
| ID | CVSS | Summary | Last (major) update | Published | |
| CVE-2016-4430 | 6.8 |
Apache Struts 2 2.3.20 through 2.3.28.1 mishandles token validation, which allows remote attackers to conduct cross-site request forgery (CSRF) attacks via unspecified vectors.
|
31-10-2017 - 01:29 | 04-07-2016 - 22:59 | |
| CVE-2016-4436 | 7.5 |
Apache Struts 2 before 2.3.29 and 2.5.x before 2.5.1 allow attackers to have unspecified impact via vectors related to improper action name clean up.
|
09-08-2017 - 01:29 | 03-10-2016 - 15:59 | |
| CVE-2016-4433 | 5.0 |
Apache Struts 2 2.3.20 through 2.3.28.1 allows remote attackers to bypass intended access restrictions and conduct redirection attacks via a crafted request.
|
09-08-2017 - 01:29 | 04-07-2016 - 22:59 | |
| CVE-2016-4431 | 5.0 |
Apache Struts 2 2.3.20 through 2.3.28.1 allows remote attackers to bypass intended access restrictions and conduct redirection attacks by leveraging a default method.
|
09-08-2017 - 01:29 | 04-07-2016 - 22:59 |