Denial of Service Vulnerability in Apache Struts 2 REST Plugin
CVE-2017-15707

6.2 MEDIUM

Key Information:

Vendor: Apache
CVE Published: 1 December 2017

Summary

The Apache Struts 2 REST Plugin in versions 2.5 to 2.5.14 uses an outdated JSON-lib library that poses a serious risk. An attacker can exploit this vulnerability by sending malicious requests with specially crafted JSON payloads, potentially causing a Denial of Service (DoS). This could disrupt the availability of services and impact legitimate users, highlighting the importance of using updated libraries to mitigate such risks.

Affected Version(s)

Apache Struts 2.5 to 2.5.14

CVSS V3.1

Score: 6.2
Severity: MEDIUM
Confidentiality: None
Integrity: None
Availability: None
Attack Vector: Local
Attack Complexity: Low
Privileges Required: None
User Interaction: None
Scope: Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved
