Japan Vulnerability NotesJVN:12352818JVN#12352818: Apache Struts 2 vulnerable to denial-of-service (DoS)
CVSS2
Attack Vector
NETWORK
Attack Complexity
LOW
Authentication
NONE
Confidentiality Impact
NONE
Integrity Impact
NONE
Availability Impact
PARTIAL
AV:N/AC:L/Au:N/C:N/I:N/A:P
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
NONE
Integrity Impact
NONE
Availability Impact
LOW
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L
EPSS
Percentile
99.5%
Apache Struts 2 provided by the Apache Software Foundation is a software framework for creating web applications in Java. Web applications that are developed using Apache Struts 2 contain a denial-of-service (DoS) vulnerability due to an issue in URLValidator.
Impact
An unauthenticated remote attacker may cause a denial-of-service (DoS) condition.
Solution
Update the Software
Update to the appropriate version according to the information provided by the developer.
Products Affected
- Apache Struts 2.3.20 to 2.3.28.1
- Apache Struts 2.5
Affects of this vulnearbility to Apache Struts 1 is unknown.
As of April 5, 2013, Apache Software Foundation has announced that Apache Strtus 1 is no longer developed or supported.
Related
CVSS2
Attack Vector
NETWORK
Attack Complexity
LOW
Authentication
NONE
Confidentiality Impact
NONE
Integrity Impact
NONE
Availability Impact
PARTIAL
AV:N/AC:L/Au:N/C:N/I:N/A:P
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
NONE
Integrity Impact
NONE
Availability Impact
LOW
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L
EPSS
Percentile
99.5%