...
Who should read this | All Struts 2 developers and users which are using the REST plugin |
|---|---|
Impact of vulnerability | A DoS attack is possible when using outdated json-lib with the Struts REST plugin |
Maximum security rating | Medium |
Recommendation | Upgrade to Struts 2.5.14.1 or Struts 2.4 (TBD) |
Affected Software | Struts 2.1.1 - 2.3.34, Struts 2.5 - Struts 2.5.14 |
Reporter | Huijun Chen <chenhuijun at huawei dot com> - Cyber Security Solution Dept, Huawei Technologies Co., Ltd HPE (TBD) |
CVE Identifier | CVE-2017-15707 |
...
Upgrade to Apache Struts version 2.5.14.1 or 2.4. Another solution is to use the Jackson handler instead of the default JSON-lib handler as described here.
...