CVE-2012-4387

Name of the Vulnerable Software and Affected Versions Apache Struts versions 2.0.0 through 2.3.4

Description The issue allows remote attackers to cause a denial of service, specifically CPU consumption, by sending specially crafted requests with very long parameter names, which are processed as OGNL expressions. This is related to insufficient access controls in the Apache Struts platform.

Recommendations For Apache Struts versions 2.0.0 through 2.3.4, consider restricting access to parameters that could be used to cause a denial of service, or apply configuration changes to limit the processing of long parameter names as OGNL expressions. At the moment, there is no information about a newer version that contains a fix for this vulnerability.