Apache struts2 is vulnerable to denial-of-service (DoS) attacks. It does not trim when validating input URL in form files. If built-in URLValidator is used, it is possible for attackers to prepare a special URL which will be used to overload server process when performing validation of the URL, causing DoS attacks.
CPE | Name | Operator | Version |
---|---|---|---|
struts 2 core | le | 2.5-BETA3 | |
struts 2 core | le | 2.5.5 |