CVE-2016-8738

MEDIUM5.9EPSS 1.1%

Apache Struts vulnerable to possible DoS attack when using URLValidator

Published: 5/14/2022Modified: 2/19/2024

Description

If an application allows enter an URL in a form field and built-in URLValidator is used, it is possible to prepare a special URL which will be used to overload server process when performing validation of the URL.

Affected packages (1)

Maven/org.apache.struts:struts2-core>= 2.5.0, < 2.5.13

CVSS scores

Source	Version	Severity	Vector
osv	CVSS 3.1	MEDIUM5.9	CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H

References (5)

ADVISORYhttps://nvd.nist.gov/vuln/detail/CVE-2016-8738
PATCHhttps://github.com/apache/struts
WEBhttps://github.com/apache/struts/commit/554b9dddb0fbd1e581ef577dd62a7c22955ad0f6
WEBhttps://security.netapp.com/advisory/ntap-20180629-0003
WEBhttps://struts.apache.org/docs/s2-044.html