PT-2016-3437 · Apache · Apache Struts

Alvaro Munoz +1

Published 2016-06-01 · Updated 2022-05-17

CVE-2016-4436

CVSS v3.1: 10 Critical
Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Name of the Vulnerable Software and Affected Versions

Apache Struts versions prior to 2.3.29
Apache Struts 2.5.x versions prior to 2.5.1

Description

The issue is related to improper action name cleanup, which may allow attackers to have an unspecified impact. It is also described as a vulnerability in the implementation of the action name cleanup method, associated with insufficient input validation. Exploitation of this vulnerability may allow a remote attacker to execute arbitrary code.

Recommendations

For Apache Struts versions prior to 2.3.29, update to version 2.3.29 or later. For Apache Struts 2.5.x versions prior to 2.5.1, update to version 2.5.1 or later.

Fix

RCE

Weakness Enumeration

Related Identifiers

BDU:2022-06076
CVE-2016-4436
GHSA-XM92-V2MQ-842Q

Affected Products

Apache Struts