CVE-2017-15707

Опубликовано: 01 дек. 2017

Источник: nvd

CVSS3: 6.2

CVSS2: 5

EPSS Низкий

Описание

In Apache Struts 2.5 to 2.5.14, the REST Plugin is using an outdated JSON-lib library which is vulnerable and allow perform a DoS attack using malicious request with specially crafted JSON payload.

Ссылки

http://www.oracle.com/technetwork/security-advisory/cpuapr2018-3678067.html
Patch
http://www.oracle.com/technetwork/security-advisory/cpujul2018-4258247.html
Patch
http://www.securityfocus.com/bid/102021
Third Party Advisory
VDB Entry
http://www.securitytracker.com/id/1039946
Third Party Advisory
VDB Entry
https://cwiki.apache.org/confluence/display/WW/S2-054
Patch
Vendor Advisory
https://security.netapp.com/advisory/ntap-20171214-0001/
Third Party Advisory
http://www.oracle.com/technetwork/security-advisory/cpuapr2018-3678067.html
Patch
http://www.oracle.com/technetwork/security-advisory/cpujul2018-4258247.html
Patch
http://www.securityfocus.com/bid/102021
Third Party Advisory
VDB Entry
http://www.securitytracker.com/id/1039946
Third Party Advisory
VDB Entry
https://cwiki.apache.org/confluence/display/WW/S2-054
Patch
Vendor Advisory
https://security.netapp.com/advisory/ntap-20171214-0001/
Third Party Advisory

Уязвимые конфигурации

Конфигурация 1

cpe:2.3:a:apache:struts:*:*:*:*:*:*:*:*

Версия от 2.5 (включая) до 2.5.14 (включая)

Конфигурация 2

cpe:2.3:a:netapp:oncommand_balance:-:*:*:*:*:*:*:*

Конфигурация 3

Одно из

cpe:2.3:a:oracle:agile_plm_framework:9.3.6:*:*:*:*:*:*:*

cpe:2.3:a:oracle:enterprise_manager_for_virtualization:13.2.2:*:*:*:*:*:*:*

cpe:2.3:a:oracle:enterprise_manager_for_virtualization:13.2.3:*:*:*:*:*:*:*

cpe:2.3:a:oracle:financial_services_hedge_management_and_ifrs_valuations:8.0.4:*:*:*:*:*:*:*

cpe:2.3:a:oracle:financial_services_hedge_management_and_ifrs_valuations:8.0.5:*:*:*:*:*:*:*

cpe:2.3:a:oracle:financial_services_market_risk_measurement_and_management:8.0.5:*:*:*:*:*:*:*

cpe:2.3:a:oracle:global_lifecycle_management_opatchauto:*:*:*:*:*:*:*:*

cpe:2.3:a:oracle:jd_edwards_enterpriseone_tools:9.2:*:*:*:*:*:*:*

cpe:2.3:a:oracle:retail_order_broker:5.2:*:*:*:*:*:*:*

cpe:2.3:a:oracle:retail_xstore_point_of_service:6.5.11:*:*:*:*:*:*:*

cpe:2.3:a:oracle:retail_xstore_point_of_service:7.0.6:*:*:*:*:*:*:*

cpe:2.3:a:oracle:retail_xstore_point_of_service:7.1.6:*:*:*:*:*:*:*

cpe:2.3:a:oracle:retail_xstore_point_of_service:15.0.1:*:*:*:*:*:*:*

cpe:2.3:a:oracle:retail_xstore_point_of_service:16.0.2:*:*:*:*:*:*:*

cpe:2.3:a:oracle:webcenter_portal:12.2.1.2.0:*:*:*:*:*:*:*

cpe:2.3:a:oracle:webcenter_portal:12.2.1.3.0:*:*:*:*:*:*:*

cpe:2.3:a:oracle:weblogic_server:12.2.1.2:*:*:*:*:*:*:*

cpe:2.3:a:oracle:weblogic_server:12.2.1.3:*:*:*:*:*:*:*

EPSS

Процентиль: 85%

0.02482

Низкий

6.2 Medium

CVSS3

5 Medium

CVSS2

Дефекты

CWE-20

Связанные уязвимости

CVE-2017-15707

CVSS3: 6.2

ubuntu

около 8 лет назад

In Apache Struts 2.5 to 2.5.14, the REST Plugin is using an outdated JSON-lib library which is vulnerable and allow perform a DoS attack using malicious request with specially crafted JSON payload.

CVE-2017-15707

CVSS3: 7.5

redhat

около 8 лет назад

In Apache Struts 2.5 to 2.5.14, the REST Plugin is using an outdated JSON-lib library which is vulnerable and allow perform a DoS attack using malicious request with specially crafted JSON payload.

CVE-2017-15707

CVSS3: 6.2

debian

около 8 лет назад

In Apache Struts 2.5 to 2.5.14, the REST Plugin is using an outdated J ...

GHSA-xcrm-qpp8-hcw4

CVSS3: 6.2

github

больше 7 лет назад

Moderate severity vulnerability that affects org.apache.struts:struts2-rest-plugin

BDU:2019-01769

CVSS3: 7.5

fstec

около 8 лет назад

Уязвимость библиотеки JSON-lib плагина REST программной платформы Apache Struts, позволяющая нарушителю вызвать отказ в обслуживании

EPSS

Процентиль: 85%

0.02482

Низкий

6.2 Medium

CVSS3

5 Medium

CVSS2

Дефекты

CWE-20