Vulnerability Name:

CVE-2016-4431 (CCN-114187)

Assigned:2016-06-11
Published:2016-06-11
Updated:2017-08-09
Summary:Apache Struts 2 2.3.20 through 2.3.28.1 allows remote attackers to bypass intended access restrictions and conduct redirection attacks by leveraging a default method.
CVSS v3 Severity:7.5 High (CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N)
6.5 Medium (Temporal CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N/E:U/RL:O/RC:C)
Exploitability Metrics:Attack Vector (AV): Network
Attack Complexity (AC): Low
Privileges Required (PR): None
User Interaction (UI): None
Scope:Scope (S): Unchanged
Impact Metrics:Confidentiality (C): None
Integrity (I): High
Availibility (A): None
5.3 Medium (CCN CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N)
4.6 Medium (CCN Temporal CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N/E:U/RL:O/RC:C)
Exploitability Metrics:Attack Vector (AV): Network
Attack Complexity (AC): Low
Privileges Required (PR): None
User Interaction (UI): None
Scope:Scope (S): Unchanged
Impact Metrics:Confidentiality (C): None
Integrity (I): Low
Availibility (A): None
CVSS v2 Severity:5.0 Medium (CVSS v2 Vector: AV:N/AC:L/Au:N/C:N/I:P/A:N)
Exploitability Metrics:Access Vector (AV): Network
Access Complexity (AC): Low
Authentication (Au): None
Impact Metrics:Confidentiality (C): None
Integrity (I): Partial
Availibility (A): None
5.0 Medium (CCN CVSS v2 Vector: AV:N/AC:L/Au:N/C:N/I:P/A:N)
Exploitability Metrics:Access Vector (AV): Network
Access Complexity (AC): Low
Athentication (Au): None
Impact Metrics:Confidentiality (C): None
Integrity (I): Partial
Availibility (A): None
Vulnerability Type:CWE-20
Vulnerability Consequences:Bypass Security
References:Source: MITRE
Type: CNA
CVE-2016-4431

Source: CCN
Type: JVN#45093481
Multiple vulnerabilities in Apache Struts 2

Source: JVN
Type: Vendor Advisory
JVN#45093481

Source: JVNDB
Type: VDB Entry, Vendor Advisory
JVNDB-2016-000113

Source: CONFIRM
Type: Third Party Advisory
http://www-01.ibm.com/support/docview.wss?uid=ssg1S1009282

Source: CONFIRM
Type: Third Party Advisory
http://www-01.ibm.com/support/docview.wss?uid=swg21987854

Source: CCN
Type: IBM Security Bulletin S1009282 (Storwize V7000 (2076))
Multiple vulnerabilities in Apache Struts affect SAN Volume Controller and Storwize Family

Source: CCN
Type: IBM Security Bulletin S1010009 (FlashSystem 840)
Vulnerabilities in Apache Struts affect the IBM FlashSystem models 840 and 900

Source: CCN
Type: IBM Security Bulletin S1010010 (FlashSystem V840)
Vulnerabilities in Apache Struts affect the IBM FlashSystem model V840

Source: CCN
Type: IBM Security Bulletin 1987854 (Opportunity Detect)
Multiple Vulnerabilities in Struts v2 affect IBM Opportunity Detect

Source: CCN
Type: IBM Security Bulletin 1988934 (InfoSphere Information Server)
Multiple Vulnerabilities in Struts v2 affect IBM InfoSphere Information Server

Source: CONFIRM
Type: UNKNOWN
http://www.oracle.com/technetwork/security-advisory/cpujul2017-3236622.html

Source: BID
Type: UNKNOWN
91284

Source: CCN
Type: BID-91284
Apache Struts CVE-2016-4431 Security Bypass Vulnerability

Source: CONFIRM
Type: Issue Tracking
https://bugzilla.redhat.com/show_bug.cgi?id=1348252

Source: CCN
Type: Apache Struts 2 Documentation S2-040
Input validation bypass using existing default action method

Source: XF
Type: UNKNOWN
apache-struts-cve20164431-sec-bypass(114187)

Source: CONFIRM
Type: Vendor Advisory
https://struts.apache.org/docs/s2-040.html

Vulnerable Configuration:Configuration 1:
  • cpe:/a:apache:struts:2.3.20:*:*:*:*:*:*:*
  • OR cpe:/a:apache:struts:2.3.20.1:*:*:*:*:*:*:*
  • OR cpe:/a:apache:struts:2.3.20.3:*:*:*:*:*:*:*
  • OR cpe:/a:apache:struts:2.3.24:*:*:*:*:*:*:*
  • OR cpe:/a:apache:struts:2.3.24.1:*:*:*:*:*:*:*
  • OR cpe:/a:apache:struts:2.3.24.3:*:*:*:*:*:*:*
  • OR cpe:/a:apache:struts:2.3.28:*:*:*:*:*:*:*

  • Configuration CCN 1:
  • cpe:/a:apache:struts:2.3.20:*:*:*:*:*:*:*
  • OR cpe:/a:apache:struts:2.3.24:*:*:*:*:*:*:*
  • OR cpe:/a:apache:struts:2.3.24.1:*:*:*:*:*:*:*
  • OR cpe:/a:apache:struts:2.3.28:*:*:*:*:*:*:*
  • OR cpe:/a:apache:struts:2.3.20.1:*:*:*:*:*:*:*
  • OR cpe:/a:apache:struts:2.3.20.3:*:*:*:*:*:*:*
  • OR cpe:/a:apache:struts:2.3.24.3:*:*:*:*:*:*:*
  • AND
  • cpe:/a:ibm:infosphere_information_server:8.5:*:*:*:*:*:*:*
  • OR cpe:/a:ibm:infosphere_information_server:8.7:*:*:*:*:*:*:*
  • OR cpe:/a:ibm:infosphere_information_server:9.1:*:*:*:*:*:*:*
  • OR cpe:/a:ibm:storwize_v7000_software:6.1:*:*:*:*:*:*:*
  • OR cpe:/a:ibm:storwize_v7000_software:6.2:*:*:*:*:*:*:*
  • OR cpe:/a:ibm:storwize_v7000_software:6.3:*:*:*:*:*:*:*
  • OR cpe:/a:ibm:storwize_v7000_software:6.4:*:*:*:*:*:*:*
  • OR cpe:/a:ibm:storwize_v7000_software:7.1:*:*:*:*:*:*:*
  • OR cpe:/a:ibm:storwize_v7000_software:7.2:*:*:*:*:*:*:*
  • OR cpe:/a:ibm:infosphere_information_server:11.3:*:*:*:*:*:*:*
  • OR cpe:/a:ibm:storwize_v7000_software:7.3:*:*:*:*:*:*:*
  • OR cpe:/a:ibm:storwize_v7000_software:7.4:*:*:*:*:*:*:*
  • OR cpe:/h:ibm:flashsystem_v840:-:*:*:*:*:*:*:*
  • OR cpe:/h:ibm:flashsystem_v840:-:*:*:*:*:*:*:*
  • OR cpe:/a:ibm:storwize_v7000_software:7.5:*:*:*:*:*:*:*
  • OR cpe:/a:ibm:infosphere_information_server:11.5:*:*:*:*:*:*:*
  • OR cpe:/a:ibm:storwize_v7000_software:7.6:*:*:*:*:*:*:*
  • OR cpe:/a:ibm:storwize_v7000_software:7.6.1:*:*:*:*:*:*:*
  • OR cpe:/a:ibm:storwize_v7000_software:7.7:*:*:*:*:*:*:*

  • * Denotes that component is vulnerable
    Oval Definitions
    Definition IDClassTitleLast Modified
    oval:com.ubuntu.precise:def:20164431000
    V
    CVE-2016-4431 on Ubuntu 12.04 LTS (precise) - medium.
    2016-07-04
    oval:com.ubuntu.trusty:def:20164431000
    V
    CVE-2016-4431 on Ubuntu 14.04 LTS (trusty) - medium.
    2016-07-04
    BACK
    apache struts 2.3.20
    apache struts 2.3.20.1
    apache struts 2.3.20.3
    apache struts 2.3.24
    apache struts 2.3.24.1
    apache struts 2.3.24.3
    apache struts 2.3.28
    apache struts 2.3.20
    apache struts 2.3.24
    apache struts 2.3.24.1
    apache struts 2.3.28
    apache struts 2.3.20.1
    apache struts 2.3.20.3
    apache struts 2.3.24.3
    ibm infosphere information server 8.5
    ibm infosphere information server 8.7
    ibm infosphere information server 9.1
    ibm storwize v7000 software 6.1
    ibm storwize v7000 software 6.2
    ibm storwize v7000 software 6.3
    ibm storwize v7000 software 6.4
    ibm storwize v7000 software 7.1
    ibm storwize v7000 software 7.2
    ibm infosphere information server 11.3
    ibm storwize v7000 software 7.3
    ibm storwize v7000 software 7.4
    ibm flashsystem v840 -
    ibm flashsystem v840 -
    ibm storwize v7000 software 7.5
    ibm infosphere information server 11.5
    ibm storwize v7000 software 7.6
    ibm storwize v7000 software 7.6.1
    ibm storwize v7000 software 7.7