PT-2012-1241 · Apache · Apache Struts

René Gielen

Published

2012-08-03

Updated

2022-05-17

CVE-2012-4387

CVSS v2.0

5.0

Medium

Vector

AV:N/AC:L/Au:N/C:N/I:N/A:P

Name of the Vulnerable Software and Affected Versions Apache Struts versions 2.0.0 through 2.3.4

Description The issue allows remote attackers to cause a denial of service, specifically CPU consumption, by sending specially crafted requests with very long parameter names, which are processed as OGNL expressions. This is related to insufficient access controls in the Apache Struts platform.

Recommendations For Apache Struts versions 2.0.0 through 2.3.4, consider restricting access to parameters that could be used to cause a denial of service, or apply configuration changes to limit the processing of long parameter names as OGNL expressions. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

DoS

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-264

Related Identifiers

BDU:2022-06204

CVE-2012-4387

GHSA-HRGC-54MV-58GV

Affected Products

Apache Struts

PT-2012-1241 · Apache · Apache Struts

CVE-2012-4387

Weakness Enumeration

Related Identifiers

Affected Products

References · 18