PT-2017-9773 · Apache · Apache Struts
Published: 2017-09-20 · Updated: 2022-05-14 · CVE-2016-8738
CVSS v3.1: 5.9 (Medium)
Vector: AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H
Name of the Vulnerable Software and Affected Versions: Apache Struts versions 2.5 through 2.5.5
Description: An attacker can prepare a specially crafted URL that overloads the server process when the built-in URLValidator is used to validate it. This can happen in any application that lets a user enter a URL in a form field.
Recommendations: For Apache Struts versions 2.5 through 2.5.5, consider disabling the built-in URLValidator until a patch is available to prevent potential server overload. Restrict access to form fields that accept a URL to minimize the risk of exploitation.

Tags: Fix · DoS · RCE

Related Identifiers

CVE-2016-8738
GHSA-86VQ-8QHC-5RQW

Affected Products

Apache Struts