Denial of Service Vulnerability in Apache Struts 2 REST Plugin
CVE-2017-15707
6.2 MEDIUM
What is CVE-2017-15707?
The Apache Struts 2 REST Plugin in versions 2.5 to 2.5.14 uses an outdated JSON-lib library. An attacker can exploit this by sending a malicious request with a specially crafted JSON payload, potentially causing a Denial of Service (DoS). This can disrupt the availability of services and impact legitimate users, which is why bundled libraries need to be kept up to date.
Affected Version(s)
Apache Struts 2.5 to 2.5.14