Apache Struts Multiple Vulnerabilities Fixed by 2.3.29 and 2.5.1


Description   Several vulnerabilities were reported in Apache Struts:
- CVE-2016-4430: token validation bypass that allows CSRF attacks
- CVE-2016-4431: open redirect. A remote attacker could exploit it by using the default method in order to bypass a security mechanism and manipulate the return string
- CVE-2016-4433: open redirect. A remote attacker could exploit it by sending a specially crafted request in order to bypass a security mechanism and manipulate the return string
- CVE-2016-4436: unspecified vulnerability. A remote attacker could exploit it via specially crafted input in order to produce a vulnerable payload
- CVE-2016-4438: remote code execution via the REST plugin
- CVE-2016-4465: denial of service in the URLValidator class. A remote attacker could exploit it by adding a null value in a URL field in order to crash the application
- CVE-2016-4461: arbitrary code execution due to improper OGNL evaluation (similar to CVE-2016-0785)
     
Vulnerable Products   Vulnerable OS:
Storwize V7000 (IBM) - 1.1, 1.2, 1.3, 1.4, 1.4.6, ..., 7.6.1.3, 7.6.1.4, 7.7, 7.7.0.1, 7.7.0.2
Vulnerable Software:
FlashSystem (IBM) - 840, 900
Storwize V3700 (IBM) - 7.5, 7.6, 7.7, 7.7.0.1, 7.7.0.2
Struts (Apache Software Foundation) - 2.0.0, 2.0.11, 2.0.11.1, 2.0.11.2, 2.0.12, ..., 2.3.28.1, 2.3.4, 2.3.4.1, 2.5, 2.5.0
     
Solution   - 1.4 : 1.4.5.0.
     
CVE   CVE-2016-4465
CVE-2016-4461
CVE-2016-4438
CVE-2016-4436
CVE-2016-4433
CVE-2016-4431
CVE-2016-4430
     
References   - Struts : 2.3.29 General Availability with Security Fixes Release
http://struts.apache.org/announce.html
- Struts : 2.5.1 General Availability
http://struts.apache.org/announce.html
- Struts : Action name clean up is error prone
http://struts.apache.org/docs/s2-035.html
- Struts : Remote Code Execution can be performed when using REST Plugin
http://struts.apache.org/docs/s2-037.html
- Struts : It is possible to bypass token validation and perform a CSRF attack
http://struts.apache.org/docs/s2-038.html
- Struts : Getter as action method leads to security bypass
http://struts.apache.org/docs/s2-039.html
- Struts : Input validation bypass using existing default action method.
http://struts.apache.org/docs/s2-040.html
- Struts : Possible DoS attack when using URLValidator
http://struts.apache.org/docs/s2-041.html
- Struts : Forced double OGNL evaluation, when evaluated on raw user input in tag attributes, may lead to remote code execution (similar to S2-029)
http://struts.apache.org/docs/s2-036.html
- IBM : Multiple vulnerabilities in Apache Struts affect SAN Volume Controller and Storwize Family
http://www-01.ibm.com/support/docview.wss?uid=ssg1S1009282
- IBM : Security Bulletin: Vulnerabilities in Apache Struts affect the IBM FlashSystem model V840
http://www-01.ibm.com/support/docview.wss?uid=ssg1S1010010
- IBM : Security Bulletin: Vulnerabilities in Apache Struts affect the IBM FlashSystem models 840 and 900
http://www-01.ibm.com/support/docview.wss?uid=ssg1S1010009
- IBM : Security Bulletin: Vulnerability in Apache Struts affects the IBM FlashSystem model V840
http://www-01.ibm.com/support/docview.wss?uid=ssg1S1010778
- IBM : Security Bulletin: Vulnerability in Apache Struts affects the IBM FlashSystem models 840 and 900
http://www-01.ibm.com/support/docview.wss?uid=ssg1S1010779
     
Vulnerability Manager Detection   No
     
IPS Protection   ASQ Engine alarm: Site with open redirect
Available Since: 4.0.0
     


 
 
 
 
 Risk level 
Moderate 

 Vulnerability First Public Report Date 
2016-06-17 

 Target Type 
Server 

 Possible exploit 
Remote