CVE-2017-15707

In Apache Struts 2.5 to 2.5.14, the REST Plugin uses an outdated JSON-lib library that is vulnerable and allows a DoS attack to be performed using a malicious request with a specially crafted JSON payload.

Configurations

Configuration 1

cpe:2.3:a:apache:struts:*:*:*:*:*:*:*:*

Configuration 2

cpe:2.3:a:netapp:oncommand_balance:-:*:*:*:*:*:*:*

Configuration 3

OR
cpe:2.3:a:oracle:agile_plm_framework:9.3.6:*:*:*:*:*:*:*
cpe:2.3:a:oracle:enterprise_manager_for_virtualization:13.2.2:*:*:*:*:*:*:*
cpe:2.3:a:oracle:enterprise_manager_for_virtualization:13.2.3:*:*:*:*:*:*:*
cpe:2.3:a:oracle:financial_services_hedge_management_and_ifrs_valuations:8.0.4:*:*:*:*:*:*:*
cpe:2.3:a:oracle:financial_services_hedge_management_and_ifrs_valuations:8.0.5:*:*:*:*:*:*:*
cpe:2.3:a:oracle:financial_services_market_risk_measurement_and_management:8.0.5:*:*:*:*:*:*:*
cpe:2.3:a:oracle:global_lifecycle_management_opatchauto:*:*:*:*:*:*:*:*
cpe:2.3:a:oracle:jd_edwards_enterpriseone_tools:9.2:*:*:*:*:*:*:*
cpe:2.3:a:oracle:retail_order_broker:5.2:*:*:*:*:*:*:*
cpe:2.3:a:oracle:retail_xstore_point_of_service:6.5.11:*:*:*:*:*:*:*
cpe:2.3:a:oracle:retail_xstore_point_of_service:7.0.6:*:*:*:*:*:*:*
cpe:2.3:a:oracle:retail_xstore_point_of_service:7.1.6:*:*:*:*:*:*:*
cpe:2.3:a:oracle:retail_xstore_point_of_service:15.0.1:*:*:*:*:*:*:*
cpe:2.3:a:oracle:retail_xstore_point_of_service:16.0.2:*:*:*:*:*:*:*
cpe:2.3:a:oracle:webcenter_portal:12.2.1.2.0:*:*:*:*:*:*:*
cpe:2.3:a:oracle:webcenter_portal:12.2.1.3.0:*:*:*:*:*:*:*
cpe:2.3:a:oracle:weblogic_server:12.2.1.2:*:*:*:*:*:*:*
cpe:2.3:a:oracle:weblogic_server:12.2.1.3:*:*:*:*:*:*:*

History

21 Nov 2024, 03:15

| Type | Values Removed | Values Added |
|---|---|---|
| References | () http://www.oracle.com/technetwork/security-advisory/cpuapr2018-3678067.html - Patch | () http://www.oracle.com/technetwork/security-advisory/cpuapr2018-3678067.html - Patch |
| References | () http://www.oracle.com/technetwork/security-advisory/cpujul2018-4258247.html - Patch | () http://www.oracle.com/technetwork/security-advisory/cpujul2018-4258247.html - Patch |
| References | () http://www.securityfocus.com/bid/102021 - Third Party Advisory, VDB Entry | () http://www.securityfocus.com/bid/102021 - Third Party Advisory, VDB Entry |
| References | () http://www.securitytracker.com/id/1039946 - Third Party Advisory, VDB Entry | () http://www.securitytracker.com/id/1039946 - Third Party Advisory, VDB Entry |
| References | () https://cwiki.apache.org/confluence/display/WW/S2-054 - Patch, Vendor Advisory | () https://cwiki.apache.org/confluence/display/WW/S2-054 - Patch, Vendor Advisory |
| References | () https://security.netapp.com/advisory/ntap-20171214-0001/ - Third Party Advisory | () https://security.netapp.com/advisory/ntap-20171214-0001/ - Third Party Advisory |

Information

Published : 2017-12-01 16:29

Updated : 2024-11-21 03:15


NVD link : CVE-2017-15707

Mitre link : CVE-2017-15707

CVE.ORG link : CVE-2017-15707


Products Affected

oracle

  • agile_plm_framework
  • financial_services_hedge_management_and_ifrs_valuations
  • weblogic_server
  • global_lifecycle_management_opatchauto
  • retail_order_broker
  • webcenter_portal
  • jd_edwards_enterpriseone_tools
  • financial_services_market_risk_measurement_and_management
  • retail_xstore_point_of_service
  • enterprise_manager_for_virtualization

apache

  • struts

netapp

  • oncommand_balance

CWE

CWE-20

Improper Input Validation