Lucene search
ApacheCVELIST:CVE-2017-7672HistoryJul 13, 2017 - 12:00 a.m.
CVE-2017-7672
2017-07-1300:00:00
apache
www.cve.org
If an application allows enter an URL in a form field and built-in URLValidator is used, it is possible to prepare a special URL which will be used to overload server process when performing validation of the URL. Solution is to upgrade to Apache Struts version 2.5.12.
CNA Affected
[
{
"product": "Apache Struts",
"vendor": "Apache Software Foundation",
"versions": [
{
"status": "affected",
"version": "2.5 to 2.5.10.1"
}
]
}
]References
struts.apache.org/docs/s2-047.html
www.oracle.com/technetwork/security-advisory/alert-cve-2017-9805-3889403.html
www.securityfocus.com/bid/99563
www.securitytracker.com/id/1039114
lists.apache.org/thread.html/3795c4dd46d9ec75f4a6eb9eca11c11edd3e796c6c1fd7b17b5dc50d%40%3Cannouncements.struts.apache.org%3E
security.netapp.com/advisory/ntap-20180706-0002/
Related
openvas
openvas
Apache Struts URLValidator DoS Vulnerability (S2-047) - Linux
2017-07-18 00:00:00
Apache Struts Security Update (S2-047)
2017-07-18 00:00:00
redhatcve
redhatcve
CVE-2017-7672
2017-08-11 13:48:28
CVE-2017-9804
2017-09-05 14:19:09
veracode
veracode
Denial Of Service (DoS)
2017-07-14 05:43:57
Regular Expression Denial Of Service (ReDoS)
2017-09-05 21:13:06
prion
prion
Code injection
2017-07-13 15:29:00
Code injection
2017-09-20 17:29:00
github
github
Apache Struts Improper Input Validation vulnerability
2018-10-16 19:36:43
nvd
nvd
CVE-2017-7672
2017-07-13 15:29:00
CVE-2017-9804
2017-09-20 17:29:00
cve
cve
CVE-2017-7672
2017-07-13 15:29:00
CVE-2017-9804
2017-09-20 17:29:00
f5
f5
K00503780 : Apache Struts 2 vulnerability CVE-2017-7672
2017-08-03 00:00:00
K12542008 : Apache Struts vulnerabilities CVE-2017-9793 and CVE-2017-9804
2017-09-08 00:00:00
ubuntucve
ubuntucve
CVE-2017-7672
2017-07-13 00:00:00
CVE-2017-9804
2017-09-20 00:00:00
osv
osv
CVE-2017-7672
2017-07-13 15:29:00
Apache Struts Improper Input Validation vulnerability
2018-10-16 19:36:43
CVE-2017-9804
2017-09-20 17:29:00
cvelist
cvelist
CVE-2017-9804
2017-09-05 00:00:00
nessus
nessus
Apache Struts 2.5.x < 2.5.12 Multiple DoS (S2-047) (S2-049)
2017-07-14 00:00:00
Oracle WebLogic Server Multiple Vulnerabilities
2017-10-04 00:00:00
threatpost
threatpost
Oracle Patches Apache Struts, Reminds Users to Update Equifax Bug
2017-09-26 14:28:26