Vulnerabilities > Apache > Struts > 2.3.20.3
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2016-07-04 | CVE-2016-4431 | Improper Input Validation vulnerability in Apache Struts Apache Struts 2 2.3.20 through 2.3.28.1 allows remote attackers to bypass intended access restrictions and conduct redirection attacks by leveraging a default method. | 7.5 |
| 2016-07-04 | CVE-2016-4430 | Cross-Site Request Forgery (CSRF) vulnerability in Apache Struts Apache Struts 2 2.3.20 through 2.3.28.1 mishandles token validation, which allows remote attackers to conduct cross-site request forgery (CSRF) attacks via unspecified vectors. | 8.8 |
| 2016-06-07 | CVE-2016-3093 | Improper Input Validation vulnerability in multiple products Apache Struts 2.0.0 through 2.3.24.1 does not properly cache method references when used with OGNL before 3.0.12, which allows remote attackers to cause a denial of service (block access to a web site) via unspecified vectors. | 5.3 |
| 2016-04-12 | CVE-2016-4003 | Cross-site Scripting vulnerability in Apache Struts Cross-site scripting (XSS) vulnerability in the URLDecoder function in JRE before 1.8, as used in Apache Struts 2.x before 2.3.28, when using a single byte page encoding, allows remote attackers to inject arbitrary web script or HTML via multi-byte characters in a url-encoded parameter. | 6.1 |