CVE-2016-4465

Apache Struts vulnerable to possible DoS attack when using URLValidator

Description

The URLValidator class in Apache Struts 2 2.3.20 through 2.3.28.1 and 2.5.x before 2.5.13 allows remote attackers to cause a denial of service via a null value for a URL field.

Patch Available

Fix available through Seal Security.  
No upgrade required, protect your application instantly.

Fix without upgrading

Score

5.3

Severity

Medium

Ecosystem

Java

Publish Date

May 16, 2022

Modified Date

February 16, 2024

Score Vector

CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L

Affected Versions