CVE-2016-8738

MEDIUM5.9EPSS 1.1%

Apache Struts vulnerable to possible DoS attack when using URLValidator

發布日:2022/5/14修改日:2024/2/19

描述

If an application allows enter an URL in a form field and built-in URLValidator is used, it is possible to prepare a special URL which will be used to overload server process when performing validation of the URL.

受影響套件(1)

Maven/org.apache.struts:struts2-core>= 2.5.0, < 2.5.13

CVSS 分數

來源	版本	嚴重程度	向量
osv	CVSS 3.1	MEDIUM5.9	CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H

參考連結(5)

ADVISORYhttps://nvd.nist.gov/vuln/detail/CVE-2016-8738
PATCHhttps://github.com/apache/struts
WEBhttps://github.com/apache/struts/commit/554b9dddb0fbd1e581ef577dd62a7c22955ad0f6
WEBhttps://security.netapp.com/advisory/ntap-20180629-0003
WEBhttps://struts.apache.org/docs/s2-044.html