If an application allows enter an URL in a form field and built-in URLValidator is used, it is possible to prepare a special URL which will be used to overload server process when performing validation of the URL. Solution is to upgrade to Apache Struts version 2.5.12.
References
Configurations
Configuration 1 (hide)
|
History
21 Nov 2024, 03:32
Type | Values Removed | Values Added |
---|---|---|
References | () http://struts.apache.org/docs/s2-047.html - Mitigation, Vendor Advisory | |
References | () http://www.oracle.com/technetwork/security-advisory/alert-cve-2017-9805-3889403.html - | |
References | () http://www.securityfocus.com/bid/99563 - Third Party Advisory, VDB Entry | |
References | () http://www.securitytracker.com/id/1039114 - | |
References | () https://lists.apache.org/thread.html/3795c4dd46d9ec75f4a6eb9eca11c11edd3e796c6c1fd7b17b5dc50d%40%3Cannouncements.struts.apache.org%3E - | |
References | () https://security.netapp.com/advisory/ntap-20180706-0002/ - |
07 Nov 2023, 02:50
Type | Values Removed | Values Added |
---|---|---|
References |
|
|
Information
Published : 2017-07-13 15:29
Updated : 2024-11-21 03:32
NVD link : CVE-2017-7672
Mitre link : CVE-2017-7672
CVE.ORG link : CVE-2017-7672
JSON object : View
Products Affected
apache
- struts
CWE
CWE-20
Improper Input Validation