JVN#12352818: Apache Struts 2 vulnerable to denial-of-service (DoS)

2016-06-20T00:00:00
ID JVN:12352818
Type jvn
Reporter Japan Vulnerability Notes
Modified 2016-06-20T00:00:00

Description

## Description

Apache Struts 2 provided by the Apache Software Foundation is a software framework for creating web applications in Java. Web applications that are developed using Apache Struts 2 contain a denial-of-service (DoS) vulnerability due to an issue in URLValidator.

## Impact

An unauthenticated remote attacker may cause a denial-of-service (DoS) condition.

## Solution

Update the Software
Update to the appropriate version according to the information provided by the developer.

## Products Affected

  • Apache Struts 2.3.20 to 2.3.28.1
  • Apache Struts 2.5 Affects of this vulnearbility to Apache Struts 1 is unknown.
    As of April 5, 2013, Apache Software Foundation has announced that Apache Strtus 1 is no longer developed or supported.