Data

Tools

Indexes

Applications

Experiments

Advisories

An open API service providing security vulnerability metadata for many open source software ecosystems.

GSA_kwCzR0hTQS04NnZxLThxaGMtNXJxd84AAWrf

Moderate EPSS: 0.006% (0.68531 Percentile) EPSS:
Permalink JSON

Apache Struts vulnerable to possible DoS attack when using URLValidator

Affected Packages Affected Versions Fixed Versions
maven:org.apache.struts:struts2-core >= 2.5.0, < 2.5.13 2.5.13
194 Dependent packages
6,183 Dependent repositories

Affected Version Ranges

All affected versions

2.5.1, 2.5.10.1, 2.5.14.1, 2.5.2, 2.5.28.1, 2.5.28.2, 2.5.28.3, 2.5.5, 2.5.8, 2.5.10, 2.5.12

All unaffected versions

2.0.11.1, 2.0.11.2, 2.0.5, 2.0.6, 2.0.8, 2.0.9, 2.0.11, 2.0.12, 2.0.14, 2.1.2, 2.1.6, 2.1.8, 2.2.1, 2.2.3, 2.3.1, 2.3.14.1, 2.3.14.2, 2.3.14.3, 2.3.15.1, 2.3.15.2, 2.3.15.3, 2.3.16.1, 2.3.16.2, 2.3.16.3, 2.3.20.1, 2.3.20.3, 2.3.24.1, 2.3.24.3, 2.3.28.1, 2.3.3, 2.3.4, 2.3.7, 2.3.8, 2.3.12, 2.3.14, 2.3.15, 2.3.16, 2.3.20, 2.3.24, 2.3.28, 2.3.29, 2.3.30, 2.3.31, 2.3.32, 2.3.33, 2.3.34, 2.3.35, 2.3.36, 2.3.37, 2.5.13, 2.5.14, 2.5.16, 2.5.17, 2.5.18, 2.5.20, 2.5.22, 2.5.25, 2.5.26, 2.5.27, 2.5.28, 2.5.29, 2.5.30, 2.5.31, 2.5.32, 2.5.33, 6.0.0, 6.0.3, 6.1.1, 6.1.2, 6.2.0, 6.3.0, 6.4.0, 6.6.0, 6.6.1, 6.7.0, 6.7.4, 6.8.0, 7.0.0, 7.0.3, 7.1.1

If an application allows enter an URL in a form field and built-in URLValidator is used, it is possible to prepare a special URL which will be used to overload server process when performing validation of the URL.

References:

Identifiers

GHSA-86vq-8qhc-5rqw

CVE-2016-8738

Risk

Severity

Moderate

EPSS

EPSS Percentage: 0.006

EPSS Percentile: 0.68531

Classification

General

Source

GitHub Advisory Database

Origin

Unspecified

Repository

https://github.com/apache/struts

Date and time

Published

over 3 years ago

Updated

almost 2 years ago

API

JSON