Test ID:	1.3.6.1.4.1.25623.1.0.808536
Category:	Web application abuses
Title:	Apache Struts Security Update (S2-037, S2-038, S2-039, S2-040)
Summary:	Apache Struts is prone to multiple vulnerabilities.
Description:	Summary: Apache Struts is prone to multiple vulnerabilities. Vulnerability Insight: Multiple flaws exist due to: - An error in REST Plugin. - An improper input validation. - An improper input validation in Getter method. - Mishandles token validation. Vulnerability Impact: Successful exploitation will allow remote attackers to inject arbitrary code or to bypass intended access restrictions and conduct redirection attacks or to conduct cross-site request forgery. Affected Software/OS: Apache Struts 2.3.20 through 2.3.28.1. Solution: Update to version 2.3.29 or later. CVSS Score: 7.5 CVSS Vector: AV:N/AC:L/Au:N/C:P/I:P/A:P
Cross-Ref:	Common Vulnerability Exposure (CVE) ID: CVE-2016-4438 BugTraq ID: 91275 http://www.securityfocus.com/bid/91275 http://jvn.jp/en/jp/JVN07710476/index.html http://jvndb.jvn.jp/jvndb/JVNDB-2016-000110 Common Vulnerability Exposure (CVE) ID: CVE-2016-4431 BugTraq ID: 91284 http://www.securityfocus.com/bid/91284 http://jvn.jp/en/jp/JVN45093481/index.html http://jvndb.jvn.jp/jvndb/JVNDB-2016-000113 Common Vulnerability Exposure (CVE) ID: CVE-2016-4433 BugTraq ID: 91282 http://www.securityfocus.com/bid/91282 http://jvndb.jvn.jp/jvndb/JVNDB-2016-000112 Common Vulnerability Exposure (CVE) ID: CVE-2016-4430 BugTraq ID: 91281 http://www.securityfocus.com/bid/91281 http://jvndb.jvn.jp/jvndb/JVNDB-2016-000111
Copyright	Copyright (C) 2016 Greenbone Networks GmbH

This is only one of 145615 vulnerability tests in our test suite. Find out more about running a complete security audit. To run a free test of this vulnerability against your system, register below.