Denial of Service Vulnerability in Apache Struts 2 REST Plugin
CVE-2017-15707
6.2 MEDIUM
Summary
The Apache Struts 2 REST Plugin in versions 2.5 to 2.5.14 uses an outdated JSON-lib library. An attacker can exploit this by sending malicious requests with specially crafted JSON payloads, potentially causing a Denial of Service (DoS). This can disrupt service availability and impact legitimate users, which is why bundled libraries need to be kept up to date.
Affected Version(s)
Apache Struts 2.5 to 2.5.14
References
CVSS V3.1
Score: 6.2
Severity: MEDIUM
Confidentiality: None
Integrity: None
Availability: None
Attack Vector: Local
Attack Complexity: Low
Privileges Required: None
User Interaction: None
Scope: Unchanged
Timeline
Vulnerability published
Vulnerability Reserved