CVE-2016-4436 in Ubuntu

CVE-2016-4436

Priority

Description

Apache Struts 2 before 2.3.29 and 2.5.x before 2.5.1 allow attackers to
have unspecified impact via vectors related to improper action name clean
up.

References

https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-4436
https://struts.apache.org/docs/s2-035.html

Notes

seth-arnold

The advisory says "Struts 2.0.0 - Struts 2.3.28.1" is affected
but doesn't make a positive statement why those bounds.

Package

Source: libstruts1.2-java (LP Ubuntu Debian)

Upstream:	released (2.3.29, 2.5.1)
Ubuntu 18.04 LTS:	DNE
Ubuntu 14.04 ESM:	DNE (trusty was needed)
Ubuntu 20.04 FIPS Compliant:	DNE

Patches:

More Information

Updated: 2022-04-13 12:20:40 UTC (commit f411bd370d482ef4385c4e751d121a4055fbc009)