Denial Of Service (DoS)

🗓️ 12 Nov 2018 06:20:09Reported by Veracode Vulnerability DatabaseType

OpenSymphony XWork vulnerability to DoS due to OGNL expression recursion

Reporter	Title	Published	Views	Family All 10
CVE	CVE-2007-4556	28 Aug 200701:00	–	cve
Cvelist	CVE-2007-4556	28 Aug 200701:00	–	cvelist
EUVD	EUVD-2022-4099	3 Oct 202520:07	–	euvd
Github Security Blog	OpenSymphony XWork vulnerable to improper input validation	1 May 202218:24	–	github
Nuclei	OpenSymphony XWork/Apache Struts2 - Remote Code Execution	4 Jun 202603:48	–	nuclei
NVD	CVE-2007-4556	28 Aug 200701:17	–	nvd
OSV	GHSA-H7MF-QRM9-2848 OpenSymphony XWork vulnerable to improper input validation	1 May 202218:24	–	osv
Prion	Input validation	28 Aug 200701:17	–	prion
vulnersOsv	com.google.code.struts2webflow:struts2webflow-parent (=1.0.4), com.google.code.struts2webflow:struts2webflow-plugin (=1.0.4) +23 more potentially affected by CVE-2007-4556 via opensymphony:xwork (>=2.0.0 <=2.0.3)	1 May 202218:24	–	vulnersosv
vulnersOsv	berkano:bean-displaytag (>=20050615.234814 <=20050616.015551), berkano:berkano-util (>=dev-20050722 <=dev-20050723) +28 more potentially affected by CVE-2007-4556 via opensymphony:xwork (>=1.0.3 <=1.2.2)	1 May 202218:24	–	vulnersosv

Vulners

Node

opensymphony xworkRange2.0-beta-1–2.0.3java

opensymphony xworkRange1.0–1.2.2java

Source	Link
github	www.github.com/chenhua6/opensymphony-xwork-backup/commit/a37a4d8d4faa5974f5097036ba377f5801fc2ac5
securityfocus	www.securityfocus.com/bid/25524
secunia	www.secunia.com/advisories/26681
secunia	www.secunia.com/advisories/26693
secunia	www.secunia.com/advisories/26694
osvdb	www.osvdb.org/37072
vupen	www.vupen.com/english/advisories/2007/3041
vupen	www.vupen.com/english/advisories/2007/3042
forums	www.forums.opensymphony.com/ann.jspa
issues	www.issues.apache.org/struts/browse/WW-2030

08 Aug 2022 07:11Current

6.9Medium risk

Vulners AI Score6.9

CVSS 26.8

EPSS0.02109