CVE-2017-15707

In Apache Struts 2.5 to 2.5.14, the REST Plugin is using an outdated JSON-lib library which is vulnerable and allow perform a DoS attack using malicious request with specially crafted JSON payload.
Configurations

Configuration 1 (hide)

cpe:2.3:a:apache:struts:*:*:*:*:*:*:*:*

Configuration 2 (hide)

cpe:2.3:a:netapp:oncommand_balance:-:*:*:*:*:*:*:*

Configuration 3 (hide)

OR cpe:2.3:a:oracle:agile_plm_framework:9.3.6:*:*:*:*:*:*:*
cpe:2.3:a:oracle:enterprise_manager_for_virtualization:13.2.2:*:*:*:*:*:*:*
cpe:2.3:a:oracle:enterprise_manager_for_virtualization:13.2.3:*:*:*:*:*:*:*
cpe:2.3:a:oracle:financial_services_hedge_management_and_ifrs_valuations:8.0.4:*:*:*:*:*:*:*
cpe:2.3:a:oracle:financial_services_hedge_management_and_ifrs_valuations:8.0.5:*:*:*:*:*:*:*
cpe:2.3:a:oracle:financial_services_market_risk_measurement_and_management:8.0.5:*:*:*:*:*:*:*
cpe:2.3:a:oracle:global_lifecycle_management_opatchauto:*:*:*:*:*:*:*:*
cpe:2.3:a:oracle:jd_edwards_enterpriseone_tools:9.2:*:*:*:*:*:*:*
cpe:2.3:a:oracle:retail_order_broker:5.2:*:*:*:*:*:*:*
cpe:2.3:a:oracle:retail_xstore_point_of_service:6.5.11:*:*:*:*:*:*:*
cpe:2.3:a:oracle:retail_xstore_point_of_service:7.0.6:*:*:*:*:*:*:*
cpe:2.3:a:oracle:retail_xstore_point_of_service:7.1.6:*:*:*:*:*:*:*
cpe:2.3:a:oracle:retail_xstore_point_of_service:15.0.1:*:*:*:*:*:*:*
cpe:2.3:a:oracle:retail_xstore_point_of_service:16.0.2:*:*:*:*:*:*:*
cpe:2.3:a:oracle:webcenter_portal:12.2.1.2.0:*:*:*:*:*:*:*
cpe:2.3:a:oracle:webcenter_portal:12.2.1.3.0:*:*:*:*:*:*:*
cpe:2.3:a:oracle:weblogic_server:12.2.1.2:*:*:*:*:*:*:*
cpe:2.3:a:oracle:weblogic_server:12.2.1.3:*:*:*:*:*:*:*

History

No history.

Information

Published : 2017-12-01 16:29

Updated : 2024-02-28 16:04


NVD link : CVE-2017-15707

Mitre link : CVE-2017-15707

CVE.ORG link : CVE-2017-15707


JSON object : View

Products Affected

netapp

  • oncommand_balance

oracle

  • retail_order_broker
  • global_lifecycle_management_opatchauto
  • jd_edwards_enterpriseone_tools
  • retail_xstore_point_of_service
  • agile_plm_framework
  • financial_services_hedge_management_and_ifrs_valuations
  • weblogic_server
  • financial_services_market_risk_measurement_and_management
  • enterprise_manager_for_virtualization
  • webcenter_portal

apache

  • struts
CWE
CWE-20

Improper Input Validation