CVE-2016-4436

critical Apache
CVSS v3 Base Score
9.8
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
EPSS Score
5.7%
Exploitation probability in 30 days
Top 10% most likely to be exploited
Attack Characteristics
Attack Vector
Network
Attack Complexity
Low
Privileges Required
None
User Interaction
None
Confidentiality
High
Integrity
High
Availability
High
Published: October 3, 2016 (3511 days ago)
Last Modified: May 6, 2026
Vendor: Apache
Source: NVD

Description

Apache Struts 2 before 2.3.29 and 2.5.x before 2.5.1 allow attackers to have unspecified impact via vectors related to improper action name clean up.

CWE

NVD-CWE-noinfo

Affected Products

apache struts

References

🔗 www-01.ibm.com 🔗 www-01.ibm.com 🔗 www.oracle.com 🔗 www.securityfocus.com 🔗 struts.apache.org