Описание
In Apache Struts 2.5 through 2.5.5, if an application allows entering a URL in a form field and the built-in URLValidator is used, it is possible to prepare a special URL which will be used to overload server process when performing validation of the URL.
Ссылки
- Third Party AdvisoryVDB Entry
- MitigationPatchVendor Advisory
- Third Party AdvisoryVDB Entry
- MitigationPatchVendor Advisory
Уязвимые конфигурации
Конфигурация 1
Одно из
cpe:2.3:a:apache:struts:2.5:*:*:*:*:*:*:*
cpe:2.3:a:apache:struts:2.5.1:*:*:*:*:*:*:*
cpe:2.3:a:apache:struts:2.5.2:*:*:*:*:*:*:*
cpe:2.3:a:apache:struts:2.5.3:*:*:*:*:*:*:*
cpe:2.3:a:apache:struts:2.5.4:*:*:*:*:*:*:*
cpe:2.3:a:apache:struts:2.5.5:*:*:*:*:*:*:*
EPSS
Процентиль: 69%
0.006
Низкий
5.9 Medium
CVSS3
4.3 Medium
CVSS2
Дефекты
CWE-20
Связанные уязвимости
CVSS3: 5.9
ubuntu
больше 8 лет назад
In Apache Struts 2.5 through 2.5.5, if an application allows entering a URL in a form field and the built-in URLValidator is used, it is possible to prepare a special URL which will be used to overload server process when performing validation of the URL.
CVSS3: 5.9
debian
больше 8 лет назад
In Apache Struts 2.5 through 2.5.5, if an application allows entering ...
CVSS3: 5.9
github
больше 3 лет назад
Apache Struts vulnerable to possible DoS attack when using URLValidator
EPSS
Процентиль: 69%
0.006
Низкий
5.9 Medium
CVSS3
4.3 Medium
CVSS2
Дефекты
CWE-20