CVE-2016-4465

See a problem?
Please try reporting it to the source first.
Source
https://cve.org/CVERecord?id=CVE-2016-4465
Import Source
https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2016-4465.json
JSON Data
https://api.test.osv.dev/v1/vulns/CVE-2016-4465
Aliases
Published
2016-07-04T22:59:10.117Z
Modified
2026-05-28T04:03:16.106865598Z
Severity
  • 5.3 (Medium) CVSS_V3 - CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L CVSS Calculator
Summary
[none]
Details

The URLValidator class in Apache Struts 2 2.3.20 through 2.3.28.1 and 2.5.x before 2.5.1 allows remote attackers to cause a denial of service via a null value for a URL field.

Database specific 
{
    "unresolved_ranges": [
        {
            "extracted_events": [
                {
                    "last_affected": "2.3.20"
                }
            ],
            "cpes": [
                "cpe:2.3:a:apache:struts:2.3.20:*:*:*:*:*:*:*"
            ],
            "source": "CPE_STRING",
            "vendor_product": "apache:struts"
        }
    ]
}
References

Affected packages

Git / github.com/apache/struts

Affected ranges

Type
GIT
Repo
https://github.com/apache/struts
Events
Introduced
0 Unknown introduced commit / All previous commits are affected
Last affected
0320310406f6b11cfd235d7a9b866cf1de483a1e
Last affected
a9974eec5689a7113a6fb1e2096252f0935064dd
Last affected
bbbf43ec59e7bef3b07e9065dc9784c18a95d58b
Last affected
925741ad1e8e48c7a6d687fe02d3fdb6386eb64c
Last affected
7a9863169f7d981be0d2d57437974ae2cc0c8bd3
Last affected
36b6fff05cd4a17f75b091c0edd52e0c1e65ec06
Last affected
0ac8932aa3a1b28a8f950863c17165cdc63b1474
Last affected
2cf0a7efeb12c8f476e31324dc56456b340ddeab
Last affected
4bee55fee30086c786d09503125a2b1c2ae8dcfa
Last affected
2a37a2e32db6d6905de48e04f71d995f41055827
Last affected
56ae397d75430dc63fd68b0bfb36afbac1226023
Last affected
9a63e6504b2d246573ff1483d45d9b12a49aa9c6
Database specific 
{
    "cpe": [
        "cpe:2.3:a:apache:struts:2.3.20:*:*:*:*:*:*:*",
        "cpe:2.3:a:apache:struts:2.3.20.1:*:*:*:*:*:*:*",
        "cpe:2.3:a:apache:struts:2.3.20.3:*:*:*:*:*:*:*",
        "cpe:2.3:a:apache:struts:2.3.24:*:*:*:*:*:*:*",
        "cpe:2.3:a:apache:struts:2.3.24.1:*:*:*:*:*:*:*",
        "cpe:2.3:a:apache:struts:2.3.24.3:*:*:*:*:*:*:*",
        "cpe:2.3:a:apache:struts:2.3.28:*:*:*:*:*:*:*",
        "cpe:2.3:a:apache:struts:2.3.28.1:*:*:*:*:*:*:*",
        "cpe:2.3:a:apache:struts:2.5:*:*:*:*:*:*:*",
        "cpe:2.3:a:apache:struts:2.5:beta1:*:*:*:*:*:*",
        "cpe:2.3:a:apache:struts:2.5:beta2:*:*:*:*:*:*",
        "cpe:2.3:a:apache:struts:2.5:beta3:*:*:*:*:*:*"
    ],
    "extracted_events": [
        {
            "introduced": "0"
        },
        {
            "last_affected": "2.3.20"
        },
        {
            "last_affected": "2.3.20.1"
        },
        {
            "last_affected": "2.3.20.3"
        },
        {
            "last_affected": "2.3.24"
        },
        {
            "last_affected": "2.3.24.1"
        },
        {
            "last_affected": "2.3.24.3"
        },
        {
            "last_affected": "2.3.28"
        },
        {
            "last_affected": "2.3.28.1"
        },
        {
            "last_affected": "2.5"
        },
        {
            "last_affected": "2.5-beta1"
        },
        {
            "last_affected": "2.5-beta2"
        },
        {
            "last_affected": "2.5-beta3"
        }
    ],
    "source": "CPE_STRING"
}

Affected versions

Other
STRUTS_2_3_20
STRUTS_2_3_20_1
STRUTS_2_3_20_2
STRUTS_2_3_20_3
STRUTS_2_3_24
STRUTS_2_3_24_1
STRUTS_2_3_24_2
STRUTS_2_3_24_3
STRUTS_2_3_25
STRUTS_2_3_26
STRUTS_2_3_27
STRUTS_2_3_28
STRUTS_2_3_28_1
STRUTS_2_5
STRUTS_2_5_BETA1
STRUTS_2_5_BETA2
STRUTS_2_5_BETA3

Database specific

source 
"https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2016-4465.json"