Apache Struts CVE-2016-4436 Security Bypass Vulnerability



Apache Struts is prone to a security-bypass vulnerability.

An attacker can exploit this issue to bypass certain security restrictions and perform unauthorized actions. This may lead to further attacks.

Apache Struts versions 2.0.0 through 2.3.28.1 are vulnerable.

Information

Bugtraq ID: 91280
Class: Design Error
CVE: CVE-2016-4436

Remote: Yes
Local: No
Published: Jun 17 2016 12:00AM
Updated: Apr 19 2017 05:05PM
Credit: Alvaro Munoz and Sam Ng
Vulnerable: Oracle Weblogic Server 10.3.6 0
Oracle Weblogic Server 12.2.1.2
Oracle Weblogic Server 12.2.1.1
Oracle Weblogic Server 12.2.1.0
Oracle Weblogic Server 12.1.3.0
Oracle WebCenter Sites 11.1.1 8.0
Oracle WebCenter Sites 12.2.1.2.0
Oracle WebCenter Sites 12.2.1.1.0
Oracle WebCenter Sites 12.2.1.0.0
Oracle Transfer Pricing Component 8.0.4
Oracle Transfer Pricing Component 8.0
Oracle Siebel Apps - E-Billing 7.1
Oracle Siebel Apps - E-Billing 7.0
Oracle Siebel Apps - E-Billing 6.2
Oracle Siebel Apps - E-Billing 6.1
Oracle MySQL Enterprise Monitor 3.2.1182
Oracle MySQL Enterprise Monitor 3.3.2.1162
Oracle MySQL Enterprise Monitor 3.1.6.8003
Oracle MICROS Retail XBRi Loss Prevention 10.8.1
Oracle MICROS Retail XBRi Loss Prevention 10.8
Oracle MICROS Retail XBRi Loss Prevention 10.7
Oracle MICROS Retail XBRi Loss Prevention 10.6
Oracle MICROS Retail XBRi Loss Prevention 10.5
Oracle MICROS Retail XBRi Loss Prevention 10.0.1
Oracle Insurance Data Foundation 8.0.4
Oracle Insurance Data Foundation 8.0.3
Oracle Insurance Data Foundation 8.0.2
Oracle Insurance Data Foundation 8.0.1
Oracle FLEXCUBE Private Banking 12.1
Oracle FLEXCUBE Private Banking 12.0.3
Oracle FLEXCUBE Private Banking 12.0.2
Oracle FLEXCUBE Private Banking 12.0.1
Oracle Financial Services Retail Performance Analytics 8.0.4
Oracle Financial Services Retail Performance Analytics 8.0
Oracle Financial Services Retail Customer Analytics 8.0.3
Oracle Financial Services Retail Customer Analytics 8.0
Oracle Financial Services Reconciliation Framework 8.0.2
Oracle Financial Services Reconciliation Framework 8.0.1
Oracle Financial Services Reconciliation Framework 8.0
Oracle Financial Services Profitability Management 8.0.4
Oracle Financial Services Profitability Management 8.0.3
Oracle Financial Services Profitability Management 8.0.2
Oracle Financial Services Profitability Management 8.0.1
Oracle Financial Services Profitability Management 6.1.1
Oracle Financial Services Profitability Management 6.1
Oracle Financial Services Profitability Management 6.0
Oracle Financial Services Pricing Management 8.0.4
Oracle Financial Services Pricing Management 8.0
Oracle Financial Services Loan Loss Forecasting and Provisioning 8.0.4
Oracle Financial Services Loan Loss Forecasting and Provisioning 8.0.3
Oracle Financial Services Loan Loss Forecasting and Provisioning 8.0.2
Oracle Financial Services Loan Loss Forecasting and Provisioning 8.0.1
Oracle Financial Services Loan Loss Forecasting and Provisioning 1.5.1
Oracle Financial Services Loan Loss Forecasting and Provisioning 1.5
Oracle Financial Services Liquidity Risk Management 8.0.4
Oracle Financial Services Liquidity Risk Management 8.0.2
Oracle Financial Services Liquidity Risk Management 8.0.1
Oracle Financial Services Institutional Performance Analytics 8.0.4
Oracle Financial Services Institutional Performance Analytics 8.0
Oracle Financial Services Hedge Management and IFRS Valuations 8.0.4
Oracle Financial Services Hedge Management and IFRS Valuations 8.0.3
Oracle Financial Services Hedge Management and IFRS Valuations 8.0.2
Oracle Financial Services Hedge Management and IFRS Valuations 8.0.1
Oracle Financial Services Hedge Management and IFRS Valuations 6.1.1
Oracle Financial Services Funds Transfer Pricing 8.0.4
Oracle Financial Services Funds Transfer Pricing 8.0.3
Oracle Financial Services Funds Transfer Pricing 8.0.2
Oracle Financial Services Funds Transfer Pricing 8.0.1
Oracle Financial Services Funds Transfer Pricing 6.1.1
Oracle Financial Services Funds Transfer Pricing 6.1
Oracle Financial Services Funds Transfer Pricing 6.0
Oracle Financial Services Enterprise Financial Performance Analytics 8.0.4
Oracle Financial Services Enterprise Financial Performance Analytics 8.0
Oracle Financial Services Data Integration Hub 8.0.4
Oracle Financial Services Data Integration Hub 8.0.3
Oracle Financial Services Data Integration Hub 8.0.2
Oracle Financial Services Data Integration Hub 8.0.1
Oracle Financial Services Data Foundation 8.0.4
Oracle Financial Services Data Foundation 8.0.3
Oracle Financial Services Data Foundation 8.0.2
Oracle Financial Services Data Foundation 8.0.1
Oracle Financial Services Basel Regulatory Capital Internal Ratings Bas 8.0.3
Oracle Financial Services Basel Regulatory Capital Internal Ratings Bas 8.0.2
Oracle Financial Services Basel Regulatory Capital Internal Ratings Bas 6.1.3
Oracle Financial Services Basel Regulatory Capital Internal Ratings Bas 6.1.2
Oracle Financial Services Basel Regulatory Capital Basic 8.0.3
Oracle Financial Services Basel Regulatory Capital Basic 8.0.2
Oracle Financial Services Basel Regulatory Capital Basic 6.1.3
Oracle Financial Services Basel Regulatory Capital Basic 6.1.2
Oracle Financial Services Asset Liability Management 8.0.4
Oracle Financial Services Asset Liability Management 8.0.3
Oracle Financial Services Asset Liability Management 8.0.2
Oracle Financial Services Asset Liability Management 8.0.1
Oracle Financial Services Asset Liability Management 6.1.1
Oracle Financial Services Asset Liability Management 6.1
Oracle Financial Services Asset Liability Management 6.0
Oracle Financial Services Analytical Applications Infrastructure 7.3.5
Oracle Financial Services Analytical Applications Infrastructure 7.3.4
Oracle Financial Services Analytical Applications Infrastructure 7.3.3
Oracle Communications Policy Management 12.2
IBM Storwize V7000 0
IBM Storwize V5000 -
IBM Storwize V3700 -
IBM Storwize V3500 -
IBM SAN Volume Controller 0
IBM Opportunity Detect 9.1.1
IBM Opportunity Detect 10.0
IBM Infosphere Metadata Workbench 9.1
IBM Infosphere Metadata Workbench 8.7
IBM Infosphere Metadata Workbench 8.5
IBM InfoSphere Information Server 9.1
IBM InfoSphere Information Server 8.7
IBM InfoSphere Information Server 8.5
IBM InfoSphere Information Server 11.5
IBM InfoSphere Information Server 11.3
IBM InfoSphere Information Governance Catalog 11.5
IBM InfoSphere Information Governance Catalog 11.3
Apache Struts 2.3.28
Apache Struts 2.3.24
Apache Struts 2.3.4 1
Apache Struts 2.3.4
Apache Struts 2.2.3
Apache Struts 2.2.1 1
Apache Struts 2.2
Apache Struts 2.1.8 .1
Apache Struts 2.1.8
Apache Struts 2.1.6
Apache Struts 2.1.5
Apache Struts 2.1.2
Apache Struts 2.1.1
Apache Struts 2.1.1
Apache Struts 2.1
Apache Struts 2.0.14
Apache Struts 2.0.12
Apache Struts 2.0.11 .2
Apache Struts 2.0.11 .1
Apache Struts 2.0.11
Apache Struts 2.0.10
Apache Struts 2.0.9
Apache Struts 2.0.8
Apache Struts 2.0.7
Apache Struts 2.0.6
Apache Struts 2.0.5
Apache Struts 2.0.4
Apache Struts 2.0.3
Apache Struts 2.0.2
Apache Struts 2.0.1
Apache Struts 2.0
Apache Struts 2.3.8
Apache Struts 2.3.7
Apache Struts 2.3.3
Apache Struts 2.3.28.1
Apache Struts 2.3.24.3
Apache Struts 2.3.24.2
Apache Struts 2.3.24.1
Apache Struts 2.3.20.3
Apache Struts 2.3.20.2
Apache Struts 2.3.20.1
Apache Struts 2.3.20
Apache Struts 2.3.16.3
Apache Struts 2.3.16.2
Apache Struts 2.3.16.1
Apache Struts 2.3.16
Apache Struts 2.3.15.3
Apache Struts 2.3.15.2
Apache Struts 2.3.15.1
Apache Struts 2.3.15
Apache Struts 2.3.14.3
Apache Struts 2.3.14.2
Apache Struts 2.3.14.1
Apache Struts 2.3.14
Apache Struts 2.3.12
Apache Struts 2.3.1.2
Apache Struts 2.3.1.1
Apache Struts 2.3.1
Apache Struts 2.2.3.1
Apache Struts 2.1.4
Apache Struts 2.1.3
Apache Struts 2.0.13


Not Vulnerable: Apache Struts 2.3.29



Related Posts