CVE-2017-7672

5.9MEDIUM

Key Information:

Vendor: Apache
Status: Apache Struts
Vendor: CVE Published:; 13 July 2017

Summary

If an application allows enter an URL in a form field and built-in URLValidator is used, it is possible to prepare a special URL which will be used to overload server process when performing validation of the URL. Solution is to upgrade to Apache Struts version 2.5.12.

Affected Version(s)

Apache Struts 2.5 to 2.5.10.1

References

http://www.oracle.com/technetwork/security-advisory/alert...

x_refsource_CONFIRM

http://www.securityfocus.com/bid/99563

vdb-entryx_refsource_BID

http://struts.apache.org/docs/s2-047.html

x_refsource_CONFIRM

EPSS Score

2% chance of being exploited in the next 30 days.

CVSS V3.1

Score:

5.9

Severity:

MEDIUM

Confidentiality:

None

Integrity:

None

Availability:

None

Attack Vector:

Network

Attack Complexity:

High

Privileges Required:

None

User Interaction:

None

Scope:

Unchanged

Timeline

Vulnerability published
Jul 13, 2017
Vulnerability Reserved
Apr 11, 2017

.