CVE-2017-15707

Name of the Vulnerable Software and Affected Versions Apache Struts versions 2.5 to 2.5.14

Description The issue is related to insufficient input validation in the JSON-lib library used by the REST plugin of the Apache Struts platform. This can be exploited by a remote attacker to cause a denial of service. The exploitation involves sending a malicious request with a specially crafted JSON payload, allowing the attacker to perform a DoS attack.

Recommendations For Apache Struts versions 2.5 to 2.5.14, update the JSON-lib library to a version that is not vulnerable to this issue. As a temporary workaround, consider restricting access to the REST plugin until a patch is available. Avoid using the REST plugin with the outdated JSON-lib library to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.