CVE-2017-7672

State: PUBLISHED · Published: 2017-07-13 · Updated: 2024-09-17 · Assigner: apache

Description

If an application allows enter an URL in a form field and built-in URLValidator is used, it is possible to prepare a special URL which will be used to overload server process when performing validation of the URL. Solution is to upgrade to Apache Struts version 2.5.12.

CWE

(none)

Affected

Apache Software Foundation / Apache Struts — v=2.5 to 2.5.10.1 [affected]

CVSS

(none)

References

http://www.oracle.com/technetwork/security-advisory/alert-cve-2017-9805-3889403.html x_refsource_CONFIRM
http://www.securityfocus.com/bid/99563 vdb-entry, x_refsource_BID
http://struts.apache.org/docs/s2-047.html x_refsource_CONFIRM
https://security.netapp.com/advisory/ntap-20180706-0002/ x_refsource_CONFIRM
http://www.securitytracker.com/id/1039114 vdb-entry, x_refsource_SECTRACK
https://lists.apache.org/thread.html/3795c4dd46d9ec75f4a6eb9eca11c11edd3e796c6c1fd7b17b5dc50d%40%3Cannouncements.struts.apache.org%3E mailing-list, x_refsource_MLIST

Source

cvelistV5-main/cves/2017/7xxx/CVE-2017-7672.json