CVE-2016-4465

See a problem?
Please try reporting it to the source first.

Source

https://nvd.nist.gov/vuln/detail/CVE-2016-4465

Import Source

https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2016-4465.json

JSON Data

https://api.test.osv.dev/v1/vulns/CVE-2016-4465

Aliases

GHSA-xg75-68x3-7p3q

Published

2016-07-04T22:59:10.117Z

Modified

2025-11-14T04:39:26.114269Z

Severity

5.3 (Medium) CVSS_V3 - CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L CVSS Calculator

Summary

[none]

Details

The URLValidator class in Apache Struts 2 2.3.20 through 2.3.28.1 and 2.5.x before 2.5.1 allows remote attackers to cause a denial of service via a null value for a URL field.

References

Affected packages

Git / github.com/apache/struts

Affected ranges

Type: GIT
Repo: https://github.com/apache/struts
Events: Introduced

0 Unknown introduced commit / All previous commits are affected

Last affected

0320310406f6b11cfd235d7a9b866cf1de483a1e

Last affected

0ac8932aa3a1b28a8f950863c17165cdc63b1474

Last affected

2a37a2e32db6d6905de48e04f71d995f41055827

Last affected

2cf0a7efeb12c8f476e31324dc56456b340ddeab

Last affected

36b6fff05cd4a17f75b091c0edd52e0c1e65ec06

Last affected

4bee55fee30086c786d09503125a2b1c2ae8dcfa

Last affected

56ae397d75430dc63fd68b0bfb36afbac1226023

Last affected

7a9863169f7d981be0d2d57437974ae2cc0c8bd3

Last affected

925741ad1e8e48c7a6d687fe02d3fdb6386eb64c

Last affected

9a63e6504b2d246573ff1483d45d9b12a49aa9c6

Last affected

a9974eec5689a7113a6fb1e2096252f0935064dd

Last affected

bbbf43ec59e7bef3b07e9065dc9784c18a95d58b

Affected versions

Other

STRUTS_2_2_1

STRUTS_2_3_14

STRUTS_2_3_16_1

STRUTS_2_3_16_2

STRUTS_2_3_16_3

STRUTS_2_3_17

STRUTS_2_3_19

STRUTS_2_3_20

Database specific

source

"https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2016-4465.json"