5.5 Medium
AI Score
Confidence
High
0.008 Low
EPSS
Percentile
81.4%
If an application allows enter an URL in a form field and built-in URLValidator is used, it is possible to prepare a special URL which will be used to overload server process when performing validation of the URL.
github.com/apache/struts
github.com/apache/struts/commit/554b9dddb0fbd1e581ef577dd62a7c22955ad0f6
nvd.nist.gov/vuln/detail/CVE-2016-8738
security.netapp.com/advisory/ntap-20180629-0003
struts.apache.org/docs/s2-044.html