CVE-2017-7672

Apache Struts Improper Input Validation vulnerability

Description

If an application allows enter an URL in a form field and built-in URLValidator is used, it is possible to prepare a special URL which will be used to overload server process when performing validation of the URL. Solution is to upgrade to Apache Struts version 2.5.12.

Patch Available

Fix available through Seal Security.  
No upgrade required, protect your application instantly.

Fix without upgrading

Score

5.9

Severity

Medium

Ecosystem

Java

Publish Date

October 16, 2018

Modified Date

February 19, 2024

Score Vector

CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H

Affected Versions