QwikSec

Security Database

CVE

CWE

Training

CVE-2017-7672

Published: Jul 13, 2017

Modified: Sep 17, 2024

PUBLISHED

Description

If an application allows enter an URL in a form field and built-in URLValidator is used, it is possible to prepare a special URL which will be used to overload server process when performing validation of the URL. Solution is to upgrade to Apache Struts version 2.5.12.

Vendor	Product	Versions
Apache Software Foundation	Apache Struts	affected `2.5 to 2.5.10.1`

References

http://www.oracle.com/technetwork/security-advisory/alert-cve-2017-9805-3889403.html

x_refsource_CONFIRM

vdb-entry

x_refsource_BID

http://struts.apache.org/docs/s2-047.html

x_refsource_CONFIRM

https://security.netapp.com/advisory/ntap-20180706-0002/

x_refsource_CONFIRM

vdb-entry

x_refsource_SECTRACK

[announcements] 20170713 Apache Struts 2.5.12 GA with Security Fixes Release

mailing-list

x_refsource_MLIST

Security Training

Train your team to recognize and prevent security threats with our comprehensive security awareness program.

Vulnerability Scanning

Discover vulnerabilities in your applications and infrastructure before attackers do.