2017-07-13 17:29:00 2019-10-03 02:03:26

When using a Spring AOP functionality to secure Struts actions it is possible to perform a DoS attack. Solution is to upgrade to Apache Struts version 2.5.12 or 2.3.33.

Vector

NETWORK

Complexity

LOW

Authentication

NONE

Confidentiality

NONE

Integrity

NONE

Availability

PARTIAL
Apache Struts 2.5.10.1 (not an official CPE) Apache Struts 2.5.10 (not an official CPE) Apache Struts 2.5.9 (not an official CPE) Apache Struts 2.5.8 (not an official CPE) Apache Struts 2.5.7 (not an official CPE) Apache Struts 2.5.6 (not an official CPE) Apache Struts 2.5.5 (not an official CPE) Apache Struts 2.5.4 (not an official CPE) Apache Struts 2.5.3 (not an official CPE) Apache Struts 2.5.2 (not an official CPE) Apache Struts 2.5.1 (not an official CPE) Apache Struts 2.5 (not an official CPE) Apache Struts 2.3.32 (not an official CPE) Apache Struts 2.3.31 (not an official CPE) Apache Struts 2.3.30 (not an official CPE) Apache Struts 2.3.29 (not an official CPE) Apache Struts 2.3.28.1 (not an official CPE) Apache Struts 2.3.28 (not an official CPE) Apache Struts 2.3.27 (not an official CPE) Apache Struts 2.3.26 (not an official CPE) Apache Struts 2.3.25 (not an official CPE) Apache Struts 2.3.24.3 (not an official CPE) Apache Struts 2.3.24.2 (not an official CPE) Apache Struts 2.3.24.1 (not an official CPE) Apache Struts 2.3.24 (not an official CPE) Apache Struts 2.3.23 (not an official CPE) Apache Struts 2.3.22 (not an official CPE) Apache Struts 2.3.21 (not an official CPE) Apache Struts 2.3.20.3 (not an official CPE) Apache Struts 2.3.20.2 (not an official CPE) Apache Struts 2.3.20.1 (not an official CPE) Apache Software Foundation Struts 2.3.20 Apache Struts 2.3.19 (not an official CPE) Apache Struts 2.3.17 (not an official CPE) Apache Software Foundation Struts 2.3.16.3 Apache Software Foundation Struts 2.3.16.2 Apache Software Foundation Struts 2.3.16.1 Apache Software Foundation Struts 2.3.16 Apache Software Foundation Struts 2.3.15.3 Apache Software Foundation Struts 2.3.15.2 Apache Software Foundation Struts 2.3.15.1 Apache Software Foundation Struts 2.3.15 Apache Software Foundation Struts 2.3.14.3 Apache Software Foundation Struts 2.3.14.2 Apache Software Foundation Struts 2.3.14.1 Apache Software Foundation Struts 2.3.14 Apache Struts 2.3.13 (not an official CPE) Apache Software Foundation Struts 2.3.12 Apache Struts 2.3.10 (not an official CPE) Apache Struts 2.3.11 (not an official CPE) Apache Struts 2.3.9 (not an official CPE) Apache Software Foundation Struts 2.3.8 Apache Software Foundation Struts 2.3.7