DUE TO SPAM, SIGN-UP IS DISABLED. Goto Selfserve wiki signup and request an account.
...
| Excerpt |
|---|
It is possible to bypass token validation and perform a CSRF attack |
Who should read this | All Struts 2 developers and users |
|---|---|
Impact of vulnerability | Possible CSRF attack |
Maximum security rating |
Moderate | |
Recommendation | Upgrade to Struts 2.3.29. |
|---|---|
Affected Software | Struts 2.3.20 - Struts Struts 2.3.28.1 |
Reporter | Takeshi Terada websec02 dot g02 at gmail.com |
CVE Identifier | CVE-2016-4430 |
Problem
It is possible to pass a malicious expression which can be used to bypass token validation and perform CSRF attack.
...