CVE-2016-4436

🗓️ 03 Oct 2016 15:00:00Reported by redhatType

cve🔗 web.nvd.nist.gov📰️ 2 Media mentions👁 84 Views

CVE-2016-4436 Apache Struts 2 before 2.3.29 and 2.5.x before 2.5.1 allow attackers to have unspecified impact via vectors related to improper action name clean up

Reporter	Title	Published	Views	Family All 27
IBM Security Bulletins	Security Bulletin: Order Management could be subject to an Apache Struts vulnerability that could allow a remote attacker to execute arbitrary code on the system.	12 Apr 202417:44	–	ibm
IBM Security Bulletins	Security Bulletin: IBM Call Center and Apache Struts Struts upgrade strategy (various CVEs, see below)	14 Sep 202217:37	–	ibm
IBM Security Bulletins	Security Bulletin: IBM Sterling Order Management Apache Struts upgrade strategy (various CVEs, see below)	14 Sep 202217:45	–	ibm
IBM Security Bulletins	Security Bulletin: IBM Sterling Order Management is affected by Apache Struts 2 security vulnerabilities (CVE-2016-3093 , CVE-2016-4436)	16 Jun 201820:08	–	ibm
IBM Security Bulletins	Security Bulletin: Vulnerabilities in Apache Struts affect the IBM FlashSystem models 840 and 900	18 Feb 202301:45	–	ibm
IBM Security Bulletins	Security Bulletin: Vulnerabilities in Apache Struts affect the IBM FlashSystem model V840	18 Jun 201800:32	–	ibm
IBM Security Bulletins	Security Bulletin: Multiple vulnerabilities in Apache Struts affect SAN Volume Controller, Storwize family and FlashSystem V9000 products	29 Mar 202301:48	–	ibm
IBM Security Bulletins	Security Bulletin: Multiple Vulnerabilities in Struts affect IBM InfoSphere Information Server	16 Jun 201813:42	–	ibm
CNVD	Apache Struts2 Remote Code Execution Vulnerability (CNVD-2016-04093)	16 Jun 201600:00	–	cnvd
Cvelist	CVE-2016-4436	3 Oct 201615:00	–	cvelist

NVD

Node

apache strutsMatch2.0.0

apache strutsMatch2.0.1

apache strutsMatch2.0.2

apache strutsMatch2.0.3

apache strutsMatch2.0.4

apache strutsMatch2.0.5

apache strutsMatch2.0.6

apache strutsMatch2.0.7

apache strutsMatch2.0.8

apache strutsMatch2.0.9

apache strutsMatch2.0.11

apache strutsMatch2.0.11.1

apache strutsMatch2.0.11.2

apache strutsMatch2.0.12

apache strutsMatch2.0.14

apache strutsMatch2.1.6

apache strutsMatch2.1.8

apache strutsMatch2.1.8.1

apache strutsMatch2.2.1

apache strutsMatch2.2.1.1

apache strutsMatch2.2.3

apache strutsMatch2.2.3.1

apache strutsMatch2.3.1

apache strutsMatch2.3.1.1

apache strutsMatch2.3.1.2

apache strutsMatch2.3.3

apache strutsMatch2.3.4

apache strutsMatch2.3.4.1

apache strutsMatch2.3.7

apache strutsMatch2.3.8

apache strutsMatch2.3.12

apache strutsMatch2.3.14

apache strutsMatch2.3.14.1

apache strutsMatch2.3.14.2

apache strutsMatch2.3.14.3

apache strutsMatch2.3.15

apache strutsMatch2.3.15.1

apache strutsMatch2.3.15.2

apache strutsMatch2.3.15.3

apache strutsMatch2.3.16

apache strutsMatch2.3.16.1

apache strutsMatch2.3.16.2

apache strutsMatch2.3.16.3

apache strutsMatch2.3.20

apache strutsMatch2.3.20.1

apache strutsMatch2.3.20.3

apache strutsMatch2.3.24

apache strutsMatch2.3.24.1

apache strutsMatch2.3.24.3

apache strutsMatch2.3.28

apache strutsMatch2.3.28.1

apache strutsMatch2.5

apache strutsMatch2.5beta1

apache strutsMatch2.5beta2

apache strutsMatch2.5beta3

Source	Link
oracle	www.oracle.com/technetwork/security-advisory/cpujul2017-3236622.html
www-01	www.www-01.ibm.com/support/docview.wss
struts	www.struts.apache.org/docs/s2-035.html
www-01	www.www-01.ibm.com/support/docview.wss
securityfocus	www.securityfocus.com/bid/91280

06 May 2026 22:30Current

8.5High risk

Vulners AI Score8.5

CVSS 27.5

CVSS 39.8

EPSS0.05743