QwikSec

Security Database

CVE

CWE

Training

CVE-2018-1327

Published: Mar 27, 2018

Modified: Sep 16, 2024

PUBLISHED

Description

The Apache Struts REST Plugin is using XStream library which is vulnerable and allow perform a DoS attack when using a malicious request with specially crafted XML payload. Upgrade to the Apache Struts version 2.5.16 and switch to an optional Jackson XML handler as described here http://struts.apache.org/plugins/rest/#custom-contenttypehandlers. Another option is to implement a custom XML handler based on the Jackson XML handler from the Apache Struts 2.5.16.

Vendor	Product	Versions
Apache Software Foundation	Apache Struts	affected `Apache Struts 2.1.1 to 2.5.14.1`

References

https://security.netapp.com/advisory/ntap-20180330-0001/

x_refsource_CONFIRM

http://www.oracle.com/technetwork/security-advisory/cpujul2018-4258247.html

x_refsource_CONFIRM

vdb-entry

x_refsource_SECTRACK

vdb-entry

x_refsource_BID

https://cwiki.apache.org/confluence/display/WW/S2-056

x_refsource_MISC

[struts-issues] 20201207 [jira] [Created] (WW-5105) Tracking the fix commit of CVE-2005-3745 and CVE-2018-1327

mailing-list

x_refsource_MLIST

[struts-issues] 20201207 [jira] [Updated] (WW-5105) Tracking the fix commit of CVE-2005-3745 and CVE-2018-1327

mailing-list

x_refsource_MLIST

Security Training

Train your team to recognize and prevent security threats with our comprehensive security awareness program.

Vulnerability Scanning

Discover vulnerabilities in your applications and infrastructure before attackers do.