Bug 1348251 (CVE-2016-4433)

Summary: CVE-2016-4433 struts: Bypassing internal security mechanisms by crafted request
Product: [Other] Security Response
Reporter: Adam Mariš <amaris>
Component: vulnerability
Assignee: Red Hat Product Security <security-response-team>
Status: CLOSED NOTABUG
Severity: medium
Priority: medium
Version: unspecified
CC: bkearney, dbhole, meissner, mmraka, thomas, tkasparek, tlestach
Target Milestone: ---
Keywords: Security
Target Release: ---
Hardware: All
OS: Linux
Whiteboard: impact=moderate,public=20160617,reported=20160617,source=internet,cvss2=4.3/AV:N/AC:M/Au:N/C:N/I:P/A:N,jboss/struts=notaffected,jboss/struts12=notaffected,rhel-5/struts=notaffected,rhn_satellite_5/struts=notaffected,fedora-all/struts=notaffected,epel-7/struts=notaffected
Fixed In Version: Struts 2.3.29
Doc Type: If docs needed, set a value
Story Points: ---
Last Closed: 2019-06-08 02:55:08 UTC
Type: ---
Regression: ---
Mount Type: ---
Documentation: ---
Category: ---
oVirt Team: ---
Cloudforms Team: ---

Description Adam Mariš 2016-06-20 14:44:27 UTC
It is possible to pass a crafted request which can be used to bypass the internal security mechanism and manipulate the return string, which can lead to redirecting the user to an unvalidated location.

Affected versions: Struts 2.3.20 - Struts 2.3.28.1

External References:

https://struts.apache.org/docs/s2-039.html

Comment 1 gil cattaneo 2016-06-20 14:47:55 UTC
Thanks for the information, but I am removing myself from the CC list.