Apache Struts vulnerable to possible DoS attack when using URLValidator

GHSA-86vq-8qhc-5rqw · CVE-2016-8738

Published May 14, 2022 · Modified Feb 19, 2024

Description

If an application allows enter an URL in a form field and built-in URLValidator is used, it is possible to prepare a special URL which will be used to overload server process when performing validation of the URL.

References

ADVISORY https://nvd.nist.gov/vuln/detail/CVE-2016-8738
WEB https://github.com/apache/struts/commit/554b9dddb0fbd1e581ef577dd62a7c22955ad0f6
PACKAGE https://github.com/apache/struts
WEB https://security.netapp.com/advisory/ntap-20180629-0003
WEB https://struts.apache.org/docs/s2-044.html

Ready to move

Start Securing

Start for Free Get Demo

Free, no credit card | First findings in minutes