CVE-2017-15707

See a problem?
Please try reporting it to the source first.

Source

https://nvd.nist.gov/vuln/detail/CVE-2017-15707

Import Source

https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2017-15707.json

JSON Data

https://api.osv.dev/v1/vulns/CVE-2017-15707

Aliases

GHSA-xcrm-qpp8-hcw4

Published

2017-12-01T16:29:00Z

Modified

2024-09-03T01:45:12.679520Z

Severity

6.2 (Medium) CVSS_V3 - CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H CVSS Calculator

Summary

[none]

Details

In Apache Struts 2.5 to 2.5.14, the REST Plugin is using an outdated JSON-lib library which is vulnerable and allow perform a DoS attack using malicious request with specially crafted JSON payload.

References

Affected packages

Git / github.com/apache/struts

Affected ranges

Type: GIT
Repo: https://github.com/apache/struts
Events: Introduced

4bee55fee30086c786d09503125a2b1c2ae8dcfa

Last affected

04db84135866b136aa4366234e81a0e4aa7bc7ca

Affected versions

Other

STRUTS_2_5

STRUTS_2_5_1

STRUTS_2_5_10

STRUTS_2_5_11

STRUTS_2_5_12

STRUTS_2_5_13

STRUTS_2_5_14

STRUTS_2_5_2

STRUTS_2_5_3

STRUTS_2_5_4

STRUTS_2_5_5

STRUTS_2_5_6

STRUTS_2_5_7

STRUTS_2_5_8

STRUTS_2_5_9