...
Who should read this | All Struts 2 developers and users |
---|---|
Impact of vulnerability | Possible DoS attack when using URLValidator |
Maximum security rating | Low |
Recommendation | Upgrade to Struts 2.3.29 or Struts 2.5.1 |
Affected Software | Struts 2.3.20 - Struts 2.3.28.1 and Struts 2.5 |
Reporter | ASAI Ken tc535mr2 at gmail dot com |
CVE Identifier | CVE-2016-4465 |
Problem
If an application allows a URL to be entered in a form field and the built-in URLValidator is used, it is possible to prepare a special URL which will overload the server process when the URL is validated.
...