CVE-2017-9787 High Severity Vulnerability detected by WhiteSource #18
Labels
security vulnerability
Security vulnerability detected by WhiteSource
Comments
mend-bolt-for-github
bot
added
the
security vulnerability
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
CVE-2017-9787 - High Severity Vulnerability
xwork-core-2.3.31.jar
Apache Struts 2
path: /root/.m2/repository/org/apache/struts/xwork/xwork-core/2.3.31/xwork-core-2.3.31.jar
Library home page: http://struts.apache.org/xwork-core/
Dependency Hierarchy:
struts2-core-2.3.31.jar
Apache Struts 2
path: 2/repository/org/apache/struts/struts2-core/2.3.31/struts2-core-2.3.31.jar
Library home page: http://struts.apache.org/struts2-core/
Dependency Hierarchy:
Found in HEAD commit: 23068bfa8fba8e934988efafc64fa2cf0fdb8462
When using a Spring AOP functionality to secure Struts actions it is possible to perform a DoS attack. Solution is to upgrade to Apache Struts version 2.5.12 or 2.3.33.
Publish Date: 2017-07-13
URL: CVE-2017-9787
Base Score Metrics:
- Exploitability Metrics:
- Attack Vector: Network
- Attack Complexity: Low
- Privileges Required: None
- User Interaction: None
- Scope: Unchanged
- Impact Metrics:
- Confidentiality Impact: None
- Integrity Impact: None
- Availability Impact: High
For more information on CVSS3 Scores, click here.Type: Upgrade version
Origin: http://struts.apache.org/docs/s2-049.html
Fix Resolution: Upgrade to Struts 2.5.12 or Struts 2.3.33
Step up your Open Source Security Game with WhiteSource here
The text was updated successfully, but these errors were encountered: