CVE-2017-15707
published 2017-12-01CVE-2017-15707: In Apache Struts 2.5 to 2.5.14, the REST Plugin is using an outdated JSON-lib library which is vulnerable and allow perform a DoS attack using malicious…
medium6.2CVSS 3.0
AVLACLPRNUINSUCNINAH
In Apache Struts 2.5 to 2.5.14, the REST Plugin is using an outdated JSON-lib library which is vulnerable and allow perform a DoS attack using malicious request with specially crafted JSON payload.
Affected
19 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| apache | struts | 2.5 – 2.5.14 | — |
| apache_software_foundation | apache_struts | — | — |
| oracle | agile_plm_framework | — | — |
| oracle | enterprise_manager_for_virtualization | — | — |
| oracle | enterprise_manager_for_virtualization | — | — |
| oracle | financial_services_hedge_management_and_ifrs_valuations | — | — |
| oracle | financial_services_hedge_management_and_ifrs_valuations | — | — |
| oracle | financial_services_market_risk_measurement_and_management | — | — |
| oracle | jd_edwards_enterpriseone_tools | — | — |
| oracle | retail_order_broker | — | — |
| oracle | retail_xstore_point_of_service | — | — |
| oracle | retail_xstore_point_of_service | — | — |
| oracle | retail_xstore_point_of_service | — | — |
| oracle | retail_xstore_point_of_service | — | — |
| oracle | retail_xstore_point_of_service | — | — |
| oracle | webcenter_portal | — | — |
| oracle | webcenter_portal | — | — |
| oracle | weblogic_server | — | — |
| oracle | weblogic_server | — | — |