Data

Tools

Indexes

Applications

Experiments

Advisories

An open API service providing security vulnerability metadata for many open source software ecosystems.

GSA_kwCzR0hTQS14Zzc1LTY4eDMtN3Azcc4AAa4P

Moderate EPSS: 0.13342% (0.93812 Percentile) EPSS:
Permalink JSON

Apache Struts vulnerable to possible DoS attack when using URLValidator

Affected Packages Affected Versions Fixed Versions
maven:org.apache.struts:struts2-core >= 2.5.0, < 2.5.13, >= 2.3.20, < 2.3.29 2.5.13, 2.3.29
194 Dependent packages
6,183 Dependent repositories

Affected Version Ranges

All affected versions

2.3.20, 2.3.24, 2.3.28, 2.5.1, 2.5.10.1, 2.5.14.1, 2.5.2, 2.5.28.1, 2.5.28.2, 2.5.28.3, 2.5.5, 2.5.8, 2.5.10, 2.5.12

All unaffected versions

2.0.11.1, 2.0.11.2, 2.0.5, 2.0.6, 2.0.8, 2.0.9, 2.0.11, 2.0.12, 2.0.14, 2.1.2, 2.1.6, 2.1.8, 2.2.1, 2.2.3, 2.3.1, 2.3.14.1, 2.3.14.2, 2.3.14.3, 2.3.15.1, 2.3.15.2, 2.3.15.3, 2.3.16.1, 2.3.16.2, 2.3.16.3, 2.3.20.1, 2.3.20.3, 2.3.24.1, 2.3.24.3, 2.3.28.1, 2.3.3, 2.3.4, 2.3.7, 2.3.8, 2.3.12, 2.3.14, 2.3.15, 2.3.16, 2.3.29, 2.3.30, 2.3.31, 2.3.32, 2.3.33, 2.3.34, 2.3.35, 2.3.36, 2.3.37, 2.5.13, 2.5.14, 2.5.16, 2.5.17, 2.5.18, 2.5.20, 2.5.22, 2.5.25, 2.5.26, 2.5.27, 2.5.28, 2.5.29, 2.5.30, 2.5.31, 2.5.32, 2.5.33, 6.0.0, 6.0.3, 6.1.1, 6.1.2, 6.2.0, 6.3.0, 6.4.0, 6.6.0, 6.6.1, 6.7.0, 6.7.4, 6.8.0, 7.0.0, 7.0.3, 7.1.1

The URLValidator class in Apache Struts 2 2.3.20 through 2.3.28.1 and 2.5.x before 2.5.13 allows remote attackers to cause a denial of service via a null value for a URL field.

References:

Identifiers

GHSA-xg75-68x3-7p3q

CVE-2016-4465

Risk

Severity

Moderate

EPSS

EPSS Percentage: 0.13342

EPSS Percentile: 0.93812

Classification

General

Source

GitHub Advisory Database

Origin

Unspecified

Repository

https://github.com/apache/struts

Date and time

Published

over 3 years ago

Updated

almost 2 years ago

API

JSON