CVE-2016-4433

Name of the Vulnerable Software and Affected Versions Apache Struts 2 versions 2.3.20 through 2.3.28.1

Description The issue allows remote attackers to bypass intended access restrictions and conduct redirection attacks via a crafted request. This is due to insufficient input validation in the Apache Struts platform. Exploitation of the issue may enable a remote attacker to bypass existing access restrictions using a specially crafted request.

Recommendations For Apache Struts 2 versions 2.3.20 through 2.3.28.1, update to a version outside of this range to resolve the issue. At the moment, there is no information about a newer version that contains a fix for this vulnerability.