Signature Detail

This site is deprecated. Please CLICK HERE for latest updates

Short Name	HTTP:APACHE:STRUTS-URL-DOS
Severity	Minor
Recommended	Yes
Recommended Action	Drop
Category	HTTP
Keywords	Apache Struts URLValidator Denial of Service
Release Date	2016/07/05
Update Number	2752
Supported Platforms	idp-4.0+, isg-3.0+, j-series-9.5+, mx-11.4+, srx-12.1+, srx-branch-12.1+, vmx-17.4+, vsrx-12.1+, vsrx3bsd-18.2+

HTTP: Apache Struts URLValidator Denial of Service

This signature detects attempts to exploit a known vulnerability against Apache Struts. Successful attack can result in a denial-of-service situation.

Extended Description

The URLValidator class in Apache Struts 2 2.3.20 through 2.3.28.1 and 2.5.x before 2.5.1 allows remote attackers to cause a denial of service via a null value for a URL field.

Affected Products

Apache struts 2.3.20
Apache struts 2.3.20.1
Apache struts 2.3.20.3
Apache struts 2.3.24
Apache struts 2.3.24.1
Apache struts 2.3.24.3
Apache struts 2.3.28
Apache struts 2.3.28.1
Apache struts 2.5

References

CVE: CVE-2016-4465

Signature Detail

This site is deprecated. Please CLICK HERE for latest updates

Short Name

Severity

Recommended

Recommended Action

Category

Keywords

Release Date

Update Number

Supported Platforms

HTTP: Apache Struts URLValidator Denial of Service

Extended Description

Affected Products

References