Versions Compared

Key

  • This line was added.
  • This line was removed.
  • Formatting was changed.

...

Excerpt

It is possible to bypass token validation and perform a CSRF attack


Who should read this

All Struts 2 developers and users

Impact of vulnerability

Possible CSRF attack

Maximum security rating

Medium

Moderate

Recommendation

Upgrade to Struts 2.3.29.

Affected Software

Struts 2.3.20 - Struts Struts 2.3.28.1

Reporter

Takeshi Terada websec02 dot g02 at gmail.com

CVE Identifier

CVE-2016-4430

Problem

It is possible to pass a malicious expression which can be used to bypass token validation and perform CSRF attack.

...