PT-2017-17875 · Apache · Apache Struts

Published: 2017-07-13 · Updated: 2018-10-16 · CVE-2017-7672

CVSS v3.1: 5.9 (Medium)
Vector: AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H
Name of the Vulnerable Software and Affected Versions: Apache Struts versions prior to 2.5.12

Description: An attacker can craft a special URL that overloads the server process while it performs URL validation, potentially affecting a large number of devices worldwide. An application is exposed if it accepts a URL in a form field and validates it with the built-in URLValidator.

Recommendations: For versions prior to 2.5.12, upgrade to Apache Struts 2.5.12 to resolve the issue. As a temporary workaround, restrict use of the URLValidator to reduce the risk of exploitation.
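One concrete form the workaround can take, added here as an illustration and not taken from the advisory or from the Apache Struts project: a Struts 2 field validation file that places a string-length check in front of the built-in url validator, so that over-length input is rejected before URLValidator ever processes it. The field name (homepage), the length cap (2048) and the file name (the usual ActionName-validation.xml next to the action class) are assumptions for this example.

```xml
<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE validators PUBLIC
    "-//Apache Struts//XWork Validator 1.0.3//EN"
    "http://struts.apache.org/dtds/xwork-validator-1.0.3.dtd">

<!-- Example file: SubmitLinkAction-validation.xml (assumed action name) -->
<validators>
    <!-- Assumed form field that accepts a user-supplied URL -->
    <field name="homepage">
        <!-- Runs first: cap the input size before URL validation.
             short-circuit="true" stops the remaining validators for this
             field if the length check fails, so the url validator below
             never sees the over-length value. -->
        <field-validator type="stringlength" short-circuit="true">
            <param name="maxLength">2048</param>   <!-- assumed cap -->
            <param name="trim">true</param>
            <message>URL must not exceed 2048 characters.</message>
        </field-validator>

        <!-- Built-in URLValidator, now only reached by bounded input -->
        <field-validator type="url">
            <message>Please enter a valid URL.</message>
        </field-validator>
    </field>
</validators>
```

Field validators run in the order listed, and the short-circuit flag makes the length check a gate rather than just an extra error message. Bounding input size limits how much work a crafted value can impose on the validator but does not change the validator itself; upgrading to 2.5.12 remains the actual fix.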

Fix

RCE

Weakness Enumeration

Related Identifiers

CVE-2017-7672
GHSA-9GP7-JVM2-R4MX

Affected Products

Apache Struts