CVE-2016-4431

Name of the Vulnerable Software and Affected Versions Apache Struts 2 versions 2.3.20 through 2.3.28.1

Description The issue exists due to insufficient input validation in the Apache Struts platform. This allows a remote attacker to bypass existing access restrictions by utilizing a default method, potentially conducting redirection attacks.

Recommendations For Apache Struts 2 versions 2.3.20 through 2.3.28.1, consider disabling the default method as a temporary workaround until a patch is available. Restrict access to sensitive areas of the application to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.