CVE-2016-8738
published 2017-09-20CVE-2016-8738: In Apache Struts 2.5 through 2.5.5, if an application allows entering a URL in a form field and the built-in URLValidator is used, it is possible to prepare a…
medium5.9CVSS 3.0
AVNACHPRNUINSUCNINAH
In Apache Struts 2.5 through 2.5.5, if an application allows entering a URL in a form field and the built-in URLValidator is used, it is possible to prepare a special URL which will be used to overload server process when performing validation of the URL.
Affected
7 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| apache | struts | — | — |
| apache | struts | — | — |
| apache | struts | — | — |
| apache | struts | — | — |
| apache | struts | — | — |
| apache | struts | — | — |
| apache_software_foundation | apache_struts | — | — |