Lucene search

K
zdtDavid Dillard1337DAY-ID-29102
HistoryDec 02, 2017 - 12:00 a.m.

Apache Struts2 S2-055 DoS Vulnerability

2017-12-0200:00:00
David Dillard
0day.today
103

EPSS

0.571

Percentile

97.7%

Exploit for multiple platform in category dos / poc

Summary

Vulnerability in the Jackson JSON library
	
Who should read this 	All Struts 2 developers and users which are using the REST plugin
Impact of vulnerability 	Not clear, please read the linked issue for more details. https://github.com/FasterXML/jackson-databind/issues/1599
Maximum security rating 	Medium
Recommendation 	Upgrade to Struts 2.5.14.1
Affected Software 	Struts 2.5 - Struts 2.5.14
Reporter 	David Dillard < david dot dillard at veritas dot com> - Veritas Technologies Product Security Group
CVE Identifier 	CVE-2017-7525
Problem

A vulnerability was detected in the latest Jackson JSON library, which was reported here. Upgrade com.fasterxml.jackson to version 2.9.2 to address CVE-2017-7525.
Solution

Upgrade to Apache Struts version 2.5.14.1. Another solution is to manually upgrade Jackson dependencies in your project to not vulnerable versions, see this comment.
Backward compatibility

No backward incompatibility issues are expected.
Workaround

Upgrade Jackson JSON library to the latest version.

Source
https://cwiki.apache.org/confluence/display/WW/s2-055

#  0day.today [2018-04-02]  #