6.2
CVE-2017-15707
- EPSS 2.48%
- Published 01.12.2017 16:29:00
- Last modified 20.04.2025 01:37:25
- Source security@apache.org
In Apache Struts 2.5 to 2.5.14, the REST Plugin uses an outdated JSON-lib library which is vulnerable and allows an attacker to perform a DoS attack using a malicious request with a specially crafted JSON payload.
Data is provided by the National Vulnerability Database (NVD)
Netapp ≫ Oncommand Balance Version -
Oracle ≫ Agile Plm Framework Version 9.3.6
Oracle ≫ Enterprise Manager For Virtualization Version 13.2.2
Oracle ≫ Enterprise Manager For Virtualization Version 13.2.3
Oracle ≫ Financial Services Hedge Management And Ifrs Valuations Version 8.0.4
Oracle ≫ Financial Services Hedge Management And Ifrs Valuations Version 8.0.5
Oracle ≫ Financial Services Market Risk Measurement And Management Version 8.0.5
Oracle ≫ Jd Edwards Enterpriseone Tools Version 9.2
Oracle ≫ Retail Order Broker Version 5.2
Oracle ≫ Retail Xstore Point Of Service Version 6.5.11
Oracle ≫ Retail Xstore Point Of Service Version 7.0.6
Oracle ≫ Retail Xstore Point Of Service Version 7.1.6
Oracle ≫ Retail Xstore Point Of Service Version 15.0.1
Oracle ≫ Retail Xstore Point Of Service Version 16.0.2
Oracle ≫ Webcenter Portal Version 12.2.1.2.0
Oracle ≫ Webcenter Portal Version 12.2.1.3.0
Oracle ≫ Weblogic Server Version 12.2.1.2
Oracle ≫ Weblogic Server Version 12.2.1.3
No CISA KEV or CERT.AT warning was found for this CVE.
Type | Source | Score | Percentile |
---|---|---|---|
EPSS | FIRST.org | 2.48% | 0.848 |
Source | Base Score | Exploit Score | Impact Score | Vector string |
---|---|---|---|---|
nvd@nist.gov | 6.2 | 2.5 | 3.6 | CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H |
nvd@nist.gov | 5 | 10 | 2.9 | AV:N/AC:L/Au:N/C:N/I:N/A:P |
CWE-20 Improper Input Validation
The product receives input or data, but it does not validate or incorrectly validates that the input has the properties that are required to process the data safely and correctly.