 |
Home ▼ Bookkeeping
Online ▼ Security
Audits ▼
Managed
DNS ▼
About
Order
FAQ
Acceptable Use Policy
Dynamic DNS Clients
Configure Domains Dyanmic DNS Update Password Network
Monitor ▼
Enterprise Package
Advanced Package
Standard Package
Free Trial
FAQ
Price/Feature Summary
Order/Renew
Examples
Configure/Status Alert Profiles | ||
| Test ID: | 1.3.6.1.4.1.25623.1.0.809476 |
| Category: | Web application abuses |
| Title: | Apache Struts Multiple Vulnerabilities (S2-037, S2-038, S2-039, S2-040) - Linux |
| Summary: | Apache Struts is prone to multiple vulnerabilities.;; This VT has been deprecated and merged into the VT 'Apache Struts Multiple Vulnerabilities (S2-037,; S2-038, S2-039, S2-040)' (OID: 1.3.6.1.4.1.25623.1.0.808536). |
| Description: | Summary: Apache Struts is prone to multiple vulnerabilities. This VT has been deprecated and merged into the VT 'Apache Struts Multiple Vulnerabilities (S2-037, S2-038, S2-039, S2-040)' (OID: 1.3.6.1.4.1.25623.1.0.808536). Vulnerability Insight: Multiple flaws exist due to: - An error in REST Plugin. - An improper input validation. - An improper input validation in Getter method. - Mishandles token validation. Vulnerability Impact: Successful exploitation will allow remote attackers to inject arbitrary code or to bypass intended access restrictions and conduct redirection attacks or to conduct cross-site request forgery. Affected Software/OS: Apache Struts 2.3.20 through 2.3.28.1. Solution: Update to version 2.3.29 or later. CVSS Score: 7.5 CVSS Vector: AV:N/AC:L/Au:N/C:P/I:P/A:P |
| Cross-Ref: |
Common Vulnerability Exposure (CVE) ID: CVE-2016-4438 BugTraq ID: 91275 http://www.securityfocus.com/bid/91275 http://jvn.jp/en/jp/JVN07710476/index.html http://jvndb.jvn.jp/jvndb/JVNDB-2016-000110 Common Vulnerability Exposure (CVE) ID: CVE-2016-4431 BugTraq ID: 91284 http://www.securityfocus.com/bid/91284 http://jvn.jp/en/jp/JVN45093481/index.html http://jvndb.jvn.jp/jvndb/JVNDB-2016-000113 Common Vulnerability Exposure (CVE) ID: CVE-2016-4433 BugTraq ID: 91282 http://www.securityfocus.com/bid/91282 http://jvndb.jvn.jp/jvndb/JVNDB-2016-000112 Common Vulnerability Exposure (CVE) ID: CVE-2016-4430 BugTraq ID: 91281 http://www.securityfocus.com/bid/91281 http://jvndb.jvn.jp/jvndb/JVNDB-2016-000111 |
| Copyright | Copyright (C) 2016 Greenbone AG |
| This is only one of 145615 vulnerability tests in our test suite. Find out more about running a complete security audit. To run a free test of this vulnerability against your system, register below. |