Vulnerability Name:

CVE-2016-4433 (CCN-114186)

Assigned:2016-06-11
Published:2016-06-11
Updated:2017-08-09
Summary:Apache Struts 2 2.3.20 through 2.3.28.1 allows remote attackers to bypass intended access restrictions and conduct redirection attacks via a crafted request.
CVSS v3 Severity:7.5 High (CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N)
6.5 Medium (Temporal CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N/E:U/RL:O/RC:C)
Exploitability Metrics:Attack Vector (AV): Network
Attack Complexity (AC): Low
Privileges Required (PR): None
User Interaction (UI): None
Scope:Scope (S): Unchanged
Impact Metrics:Confidentiality (C): None
Integrity (I): High
Availibility (A): None
5.3 Medium (CCN CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N)
4.6 Medium (CCN Temporal CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N/E:U/RL:O/RC:C)
Exploitability Metrics:Attack Vector (AV): Network
Attack Complexity (AC): Low
Privileges Required (PR): None
User Interaction (UI): None
Scope:Scope (S): Unchanged
Impact Metrics:Confidentiality (C): None
Integrity (I): Low
Availibility (A): None
CVSS v2 Severity:5.0 Medium (CVSS v2 Vector: AV:N/AC:L/Au:N/C:N/I:P/A:N)
Exploitability Metrics:Access Vector (AV): Network
Access Complexity (AC): Low
Authentication (Au): None
Impact Metrics:Confidentiality (C): None
Integrity (I): Partial
Availibility (A): None
5.0 Medium (CCN CVSS v2 Vector: AV:N/AC:L/Au:N/C:N/I:P/A:N)
Exploitability Metrics:Access Vector (AV): Network
Access Complexity (AC): Low
Athentication (Au): None
Impact Metrics:Confidentiality (C): None
Integrity (I): Partial
Availibility (A): None
Vulnerability Type:CWE-20
Vulnerability Consequences:Bypass Security
References:Source: MITRE
Type: CNA
CVE-2016-4433

Source: CCN
Type: JVN#45093481
Multiple vulnerabilities in Apache Struts 2

Source: JVN
Type: Vendor Advisory
JVN#45093481

Source: JVNDB
Type: VDB Entry, Vendor Advisory
JVNDB-2016-000112

Source: CONFIRM
Type: Third Party Advisory
http://www-01.ibm.com/support/docview.wss?uid=ssg1S1009282

Source: CONFIRM
Type: Third Party Advisory
http://www-01.ibm.com/support/docview.wss?uid=swg21987854

Source: CCN
Type: IBM Security Bulletin S1009282 (Storwize V7000 (2076))
Multiple vulnerabilities in Apache Struts affect SAN Volume Controller and Storwize Family

Source: CCN
Type: IBM Security Bulletin S1010009 (FlashSystem 840)
Vulnerabilities in Apache Struts affect the IBM FlashSystem models 840 and 900

Source: CCN
Type: IBM Security Bulletin S1010010 (FlashSystem V840)
Vulnerabilities in Apache Struts affect the IBM FlashSystem model V840

Source: CCN
Type: IBM Security Bulletin 1987854 (Opportunity Detect)
Multiple Vulnerabilities in Struts v2 affect IBM Opportunity Detect

Source: CCN
Type: IBM Security Bulletin 1988934 (InfoSphere Information Server)
Multiple Vulnerabilities in Struts v2 affect IBM InfoSphere Information Server

Source: CONFIRM
Type: UNKNOWN
http://www.oracle.com/technetwork/security-advisory/cpujul2017-3236622.html

Source: BID
Type: UNKNOWN
91282

Source: CCN
Type: BID-91282
Apache Struts CVE-2016-4433 Security Bypass Vulnerability

Source: CONFIRM
Type: Issue Tracking
https://bugzilla.redhat.com/show_bug.cgi?id=1348251

Source: CCN
Type: Apache Struts 2 Documentation S2-039
Getter as action method leads to security bypass

Source: XF
Type: UNKNOWN
apache-struts-cve20164433-sec-bypass(114186)

Source: CONFIRM
Type: Vendor Advisory
https://struts.apache.org/docs/s2-039.html

Vulnerable Configuration:Configuration 1:
  • cpe:/a:apache:struts:2.3.20:*:*:*:*:*:*:*
  • OR cpe:/a:apache:struts:2.3.20.1:*:*:*:*:*:*:*
  • OR cpe:/a:apache:struts:2.3.20.3:*:*:*:*:*:*:*
  • OR cpe:/a:apache:struts:2.3.24:*:*:*:*:*:*:*
  • OR cpe:/a:apache:struts:2.3.24.1:*:*:*:*:*:*:*
  • OR cpe:/a:apache:struts:2.3.24.3:*:*:*:*:*:*:*
  • OR cpe:/a:apache:struts:2.3.28:*:*:*:*:*:*:*

  • Configuration CCN 1:
  • cpe:/a:apache:struts:2.3.20:*:*:*:*:*:*:*
  • OR cpe:/a:apache:struts:2.3.24:*:*:*:*:*:*:*
  • OR cpe:/a:apache:struts:2.3.24.1:*:*:*:*:*:*:*
  • OR cpe:/a:apache:struts:2.3.28:*:*:*:*:*:*:*
  • OR cpe:/a:apache:struts:2.3.20.1:*:*:*:*:*:*:*
  • OR cpe:/a:apache:struts:2.3.20.3:*:*:*:*:*:*:*
  • OR cpe:/a:apache:struts:2.3.24.3:*:*:*:*:*:*:*
  • AND
  • cpe:/a:ibm:infosphere_information_server:8.5:*:*:*:*:*:*:*
  • OR cpe:/a:ibm:infosphere_information_server:8.7:*:*:*:*:*:*:*
  • OR cpe:/a:ibm:infosphere_information_server:9.1:*:*:*:*:*:*:*
  • OR cpe:/a:ibm:storwize_v7000_software:6.1:*:*:*:*:*:*:*
  • OR cpe:/a:ibm:storwize_v7000_software:6.2:*:*:*:*:*:*:*
  • OR cpe:/a:ibm:storwize_v7000_software:6.3:*:*:*:*:*:*:*
  • OR cpe:/a:ibm:storwize_v7000_software:6.4:*:*:*:*:*:*:*
  • OR cpe:/a:ibm:storwize_v7000_software:7.1:*:*:*:*:*:*:*
  • OR cpe:/a:ibm:storwize_v7000_software:7.2:*:*:*:*:*:*:*
  • OR cpe:/a:ibm:infosphere_information_server:11.3:*:*:*:*:*:*:*
  • OR cpe:/a:ibm:storwize_v7000_software:7.3:*:*:*:*:*:*:*
  • OR cpe:/a:ibm:storwize_v7000_software:7.4:*:*:*:*:*:*:*
  • OR cpe:/h:ibm:flashsystem_v840:-:*:*:*:*:*:*:*
  • OR cpe:/h:ibm:flashsystem_v840:-:*:*:*:*:*:*:*
  • OR cpe:/a:ibm:storwize_v7000_software:7.5:*:*:*:*:*:*:*
  • OR cpe:/a:ibm:infosphere_information_server:11.5:*:*:*:*:*:*:*
  • OR cpe:/a:ibm:storwize_v7000_software:7.6:*:*:*:*:*:*:*
  • OR cpe:/a:ibm:storwize_v7000_software:7.6.1:*:*:*:*:*:*:*
  • OR cpe:/a:ibm:storwize_v7000_software:7.7:*:*:*:*:*:*:*

  • * Denotes that component is vulnerable
    Oval Definitions
    Definition IDClassTitleLast Modified
    oval:com.ubuntu.precise:def:20164433000
    V
    CVE-2016-4433 on Ubuntu 12.04 LTS (precise) - medium.
    2016-07-04
    oval:com.ubuntu.trusty:def:20164433000
    V
    CVE-2016-4433 on Ubuntu 14.04 LTS (trusty) - medium.
    2016-07-04
    BACK
    apache struts 2.3.20
    apache struts 2.3.20.1
    apache struts 2.3.20.3
    apache struts 2.3.24
    apache struts 2.3.24.1
    apache struts 2.3.24.3
    apache struts 2.3.28
    apache struts 2.3.20
    apache struts 2.3.24
    apache struts 2.3.24.1
    apache struts 2.3.28
    apache struts 2.3.20.1
    apache struts 2.3.20.3
    apache struts 2.3.24.3
    ibm infosphere information server 8.5
    ibm infosphere information server 8.7
    ibm infosphere information server 9.1
    ibm storwize v7000 software 6.1
    ibm storwize v7000 software 6.2
    ibm storwize v7000 software 6.3
    ibm storwize v7000 software 6.4
    ibm storwize v7000 software 7.1
    ibm storwize v7000 software 7.2
    ibm infosphere information server 11.3
    ibm storwize v7000 software 7.3
    ibm storwize v7000 software 7.4
    ibm flashsystem v840 -
    ibm flashsystem v840 -
    ibm storwize v7000 software 7.5
    ibm infosphere information server 11.5
    ibm storwize v7000 software 7.6
    ibm storwize v7000 software 7.6.1
    ibm storwize v7000 software 7.7