Skip to main content

Incomplete Cleanup

CVE-2016-4436

Severity High
Score 9.8/10

Summary

Apache Struts 2 before 2.3.29 and 2.5.x before 2.5.1 allow attackers to have unspecified impact via vectors related to improper action name clean up.

  • LOW
  • NETWORK
  • HIGH
  • UNCHANGED
  • NONE
  • NONE
  • HIGH
  • HIGH

CWE-459 - Incomplete Cleanup

The software does not properly "clean up" and remove temporary or supporting resources after they have been used.

Advisory Timeline

  • Published