Vulnerability CVE-2017-9787
Published: 2017-07-13

Description:
When using a Spring AOP functionality to secure Struts actions it is possible to perform a DoS attack when user was properly authenticated. Solution is to upgrade to Apache Struts version 2.5.12 or 2.3.33.

Vendor: Apache
Product: Struts 
Version:
2.5.9
2.5.8
2.5.7
2.5.6
2.5.5
2.5.4
2.5.3
2.5.2
2.5.10.1
2.5.10
2.5.1
2.5
2.3.9
2.3.8
2.3.7
2.3.32
2.3.31
2.3.30
2.3.29
2.3.28.1
2.3.28
2.3.27
2.3.26
2.3.25
2.3.24.3
2.3.24.2
2.3.24.1
2.3.24
2.3.23
2.3.22
2.3.21
2.3.20.3
2.3.20.2
2.3.20.1
2.3.20
2.3.19
2.3.17
2.3.16.3
2.3.16.2
2.3.16.1
2.3.16
2.3.15.3
2.3.15.2
2.3.15.1
2.3.15
2.3.14.3
2.3.14.2
2.3.14.1
2.3.14
2.3.13
2.3.12
2.3.11
2.3.10

CVSS2 => (AV:N/AC:L/Au:S/C:N/I:N/A:P)

CVSS Base Score
Impact Subscore
Exploitability Subscore
4/10
2.9/10
8/10
Exploit range
Attack complexity
Authentication
Remote
Low
Single time
Confidentiality impact
Integrity impact
Availability impact
None
None
Partial

 References:
http://struts.apache.org/docs/s2-049.html
http://www.securityfocus.com/bid/99562
https://lists.apache.org/thread.html/3795c4dd46d9ec75f4a6eb9eca11c11edd3e796c6c1fd7b17b5dc50d@%3Cannouncements.struts.apache.org%3E

Related CVE
CVE-2018-1303
 A specially crafted HTTP request header could have crashed the Apache HTTP Server prior to version 2.4.30 due to an out of bound read while preparing data to be cached in shared memory. It could be used as a Denial of Service attack against users of ...
CVE-2018-1302
 When an HTTP/2 stream was destroyed after being handled, the Apache HTTP Server prior to version 2.4.30 could have written a NULL pointer potentially to an already freed memory. The memory pools maintained by the server make this vulnerability hard t...
CVE-2018-1301
 A specially crafted request could have crashed the Apache HTTP Server prior to version 2.4.30, due to an out of bound access after a size limit is reached by reading the HTTP header. This vulnerability is considered very hard if not impossible to tri...
CVE-2017-15715
 In Apache httpd 2.4.0 to 2.4.29, the expression specified in <FilesMatch> could match '$' to a newline character in a malicious filename, rather than matching only the end of the filename. This could be exploited in environments where uploads of some...
CVE-2018-1322
 An administrator with user search entitlements in Apache Syncope 1.2.x before 1.2.11, 2.0.x before 2.0.8, and unsupported releases 1.0.x and 1.1.x which may be also affected, can recover sensitive security values using the fiql and orderby parameters...
CVE-2018-1321
 An administrator with report and template entitlements in Apache Syncope 1.2.x before 1.2.11, 2.0.x before 2.0.8, and unsupported releases 1.0.x and 1.1.x which may be also affected, can use XSL Transformations (XSLT) to perform malicious operations,...
CVE-2018-1294
 If a user of Commons-Email (typically an application programmer) passes unvalidated input as the so-called "Bounce Address", and that input contains line-breaks, then the email details (recipients, contents, etc.) might be manipulated. Mitigation: Us...
CVE-2018-1319
 In Apache Allura prior to 1.8.1, attackers may craft URLs that cause HTTP response splitting. If a victim goes to a maliciously crafted URL, unwanted results may occur including XSS or service denial for the victim's browsing session.
Copyright 2018, cxsecurity.com

 

Back to Top