Remote Code Execution Vulnerability in Apache Struts by Apache
CVE-2017-7672

5.9 MEDIUM

Key Information:

Vendor: Apache
CVE Published: 13 July 2017

Summary

A vulnerability exists in Apache Struts when the application lets users submit URLs through form fields without adequate validation. If the built-in URLValidator is applied to such a field, a specially crafted URL can overload the server process while the URL is being validated. To mitigate this risk, users are advised to upgrade to Apache Struts version 2.5.12, which addresses the issue.

Affected Version(s)

Apache Struts 2.5 to 2.5.10.1

CVSS V3.1

Score: 5.9
Severity: MEDIUM
Confidentiality: None
Integrity: None
Availability: None
Attack Vector: Network
Attack Complexity: High
Privileges Required: None
User Interaction: None
Scope: Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved
