CVE-2016-4465
Published on: 07/04/2016 12:00:00 AM UTC
Last Modified on: 03/23/2021 11:26:58 PM UTC
Certain versions of Struts from Apache contain the following vulnerability:
The URLValidator class in Apache Struts 2 2.3.20 through 2.3.28.1 and 2.5.x before 2.5.1 allows remote attackers to cause a denial of service via a null value for a URL field.
- CVE-2016-4465 has been assigned by
[email protected] to track the vulnerability - currently rated as MEDIUM severity.
CVSS3 Score: 5.3 - MEDIUM
Attack Vector ⓘ |
Attack Complexity |
Privileges Required |
User Interaction |
|
---|---|---|---|---|
NETWORK | LOW | NONE | NONE | |
Scope | Confidentiality Impact |
Integrity Impact |
Availability Impact |
|
UNCHANGED | NONE | NONE | LOW |
CVSS2 Score: 5 - MEDIUM
Access Vector ⓘ |
Access Complexity |
Authentication |
---|---|---|
NETWORK | LOW | NONE |
Confidentiality Impact |
Integrity Impact |
Availability Impact |
NONE | NONE | PARTIAL |
CVE References
Description | Tags ⓘ | Link |
---|---|---|
IBM Security Bulletin: Multiple Vulnerabilities in Struts v2 affect IBM Opportunity Detect - United States | Third Party Advisory web.archive.org text/html Inactive LinkNot Archived |
![]() |
1348253 – (CVE-2016-4465) CVE-2016-4465 struts: Possible DoS attack when using URLValidator | Issue Tracking bugzilla.redhat.com text/html |
![]() |
No Description Provided | VDB Entry Vendor Advisory jvndb.jvn.jp text/html |
![]() |
Apache Struts CVE-2016-4465 Denial of Service Vulnerability | cve.report (archive) text/html |
![]() |
S2-041 | Vendor Advisory struts.apache.org text/html |
![]() |
JVN#12352818: Apache Struts 2 vulnerable to denial-of-service (DoS) | Vendor Advisory jvn.jp text/xml |
![]() |
Oracle Critical Patch Update - July 2017 | www.oracle.com text/html |
![]() |
There are currently no QIDs associated with this CVE
Known Affected Configurations (CPE V2.3)
Type | Vendor | Product | Version | Update | Edition | Language |
---|---|---|---|---|---|---|
Application | Apache | Struts | 2.3.20 | All | All | All |
Application | Apache | Struts | 2.3.20.1 | All | All | All |
Application | Apache | Struts | 2.3.20.3 | All | All | All |
Application | Apache | Struts | 2.3.24 | All | All | All |
Application | Apache | Struts | 2.3.24.1 | All | All | All |
Application | Apache | Struts | 2.3.24.3 | All | All | All |
Application | Apache | Struts | 2.3.28 | All | All | All |
Application | Apache | Struts | 2.3.28.1 | All | All | All |
Application | Apache | Struts | 2.5 | All | All | All |
Application | Apache | Struts | 2.5 | beta1 | All | All |
Application | Apache | Struts | 2.5 | beta2 | All | All |
Application | Apache | Struts | 2.5 | beta3 | All | All |
Application | Apache | Struts | 2.3.20 | All | All | All |
Application | Apache | Struts | 2.3.20.1 | All | All | All |
Application | Apache | Struts | 2.3.20.3 | All | All | All |
Application | Apache | Struts | 2.3.24 | All | All | All |
Application | Apache | Struts | 2.3.24.1 | All | All | All |
Application | Apache | Struts | 2.3.24.3 | All | All | All |
Application | Apache | Struts | 2.3.28 | All | All | All |
Application | Apache | Struts | 2.3.28.1 | All | All | All |
Application | Apache | Struts | 2.5 | All | All | All |
Application | Apache | Struts | 2.5 | beta1 | All | All |
Application | Apache | Struts | 2.5 | beta2 | All | All |
Application | Apache | Struts | 2.5 | beta3 | All | All |
- cpe:2.3:a:apache:struts:2.3.20:*:*:*:*:*:*:*:
- cpe:2.3:a:apache:struts:2.3.20.1:*:*:*:*:*:*:*:
- cpe:2.3:a:apache:struts:2.3.20.3:*:*:*:*:*:*:*:
- cpe:2.3:a:apache:struts:2.3.24:*:*:*:*:*:*:*:
- cpe:2.3:a:apache:struts:2.3.24.1:*:*:*:*:*:*:*:
- cpe:2.3:a:apache:struts:2.3.24.3:*:*:*:*:*:*:*:
- cpe:2.3:a:apache:struts:2.3.28:*:*:*:*:*:*:*:
- cpe:2.3:a:apache:struts:2.3.28.1:*:*:*:*:*:*:*:
- cpe:2.3:a:apache:struts:2.5:*:*:*:*:*:*:*:
- cpe:2.3:a:apache:struts:2.5:beta1:*:*:*:*:*:*:
- cpe:2.3:a:apache:struts:2.5:beta2:*:*:*:*:*:*:
- cpe:2.3:a:apache:struts:2.5:beta3:*:*:*:*:*:*:
- cpe:2.3:a:apache:struts:2.3.20:*:*:*:*:*:*:*:
- cpe:2.3:a:apache:struts:2.3.20.1:*:*:*:*:*:*:*:
- cpe:2.3:a:apache:struts:2.3.20.3:*:*:*:*:*:*:*:
- cpe:2.3:a:apache:struts:2.3.24:*:*:*:*:*:*:*:
- cpe:2.3:a:apache:struts:2.3.24.1:*:*:*:*:*:*:*:
- cpe:2.3:a:apache:struts:2.3.24.3:*:*:*:*:*:*:*:
- cpe:2.3:a:apache:struts:2.3.28:*:*:*:*:*:*:*:
- cpe:2.3:a:apache:struts:2.3.28.1:*:*:*:*:*:*:*:
- cpe:2.3:a:apache:struts:2.5:*:*:*:*:*:*:*:
- cpe:2.3:a:apache:struts:2.5:beta1:*:*:*:*:*:*:
- cpe:2.3:a:apache:struts:2.5:beta2:*:*:*:*:*:*:
- cpe:2.3:a:apache:struts:2.5:beta3:*:*:*:*:*:*:
No vendor comments have been submitted for this CVE