Vulnerabilities > Apache > Struts > 2.3.28.1
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2016-07-04 | CVE-2016-4465 | Improper Input Validation vulnerability in Apache Struts The URLValidator class in Apache Struts 2 2.3.20 through 2.3.28.1 and 2.5.x before 2.5.1 allows remote attackers to cause a denial of service via a null value for a URL field. | 5.0 |
| 2016-07-04 | CVE-2016-4430 | Cross-Site Request Forgery (CSRF) vulnerability in Apache Struts Apache Struts 2 2.3.20 through 2.3.28.1 mishandles token validation, which allows remote attackers to conduct cross-site request forgery (CSRF) attacks via unspecified vectors. | 6.8 |