Test Kennung:	1.3.6.1.4.1.25623.1.0.107240
Kategorie:	Denial of Service
Titel:	Apache Struts Security Update (S2-050)
Zusammenfassung:	Apache Struts is prone to a regular expression Denial; of Service (DoS) vulnerability when using URLValidator.
Beschreibung:	Summary: Apache Struts is prone to a regular expression Denial of Service (DoS) vulnerability when using URLValidator. Vulnerability Insight: The previous fix issued with S2-047 was incomplete. If an application allows enter an URL in a form field and built-in URLValidator is used, it is possible to prepare a special URL which will be used to overload server process when performing validation of the URL. Vulnerability Impact: An attacker can exploit this issue to cause a DoS condition, denying service to legitimate users. Affected Software/OS: Apache Struts 2.3.7 through 2.3.33 and 2.5 through 2.5.12. Solution: Update to version 2.3.34, 2.5.13 or later. CVSS Score: 5.0 CVSS Vector: AV:N/AC:L/Au:N/C:N/I:N/A:P
Querverweis:	Common Vulnerability Exposure (CVE) ID: CVE-2017-9804 BugTraq ID: 100612 http://www.securityfocus.com/bid/100612 Cisco Security Advisory: 20170907 Multiple Vulnerabilities in Apache Struts 2 Affecting Cisco Products: September 2017 https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170907-struts2 http://www.securitytracker.com/id/1039261
Copyright	Copyright (C) 2017 Greenbone Networks GmbH

Dies ist nur einer von 146377 Anfälligkeitstests in unserem Testpaket. Finden Sie mehr über unsere vollständigen Sicherheitsüberprüfungen heraus. Um einen gratis Test für diese Anfälligkeit auf Ihrem System durchlaufen zu lassen, registrieren Sie sich bitte unten.