...
Who should read this | All Struts 2 developers and users |
---|---|
Impact of vulnerability | Possible DoS attack when using URLValidator |
Maximum security rating | Low |
Recommendation | Upgrade to Struts 2.5.6 |
Affected Software | Struts 2.3.20 - Struts 2.3.28.1 and Struts 2.5.5 |
Reporter | ASAI Ken tc535mr2 Jonathan Bullock <jonbullock at gmail dot com> |
CVE Identifier | CVE-2016-44658738 |
Problem
If an application allows a URL to be entered in a form field and the built-in URLValidator
is used, it is possible to prepare a special URL that overloads the server process while the URL is being validated.
...