ID de Prueba:	1.3.6.1.4.1.25623.1.0.107239
Categoría:	Denial of Service
Título:	Apache Struts DoS Vulnerability (S2-050) - Linux
Resumen:	Apache Struts is prone to a regular expression Denial; of Service (DoS) vulnerability when using URLValidator.;; This VT has been deprecated and merged into the VT 'Apache Struts DoS Vulnerability (S2-050)'; (OID: 1.3.6.1.4.1.25623.1.0.107240).
Descripción:	Summary: Apache Struts is prone to a regular expression Denial of Service (DoS) vulnerability when using URLValidator. This VT has been deprecated and merged into the VT 'Apache Struts DoS Vulnerability (S2-050)' (OID: 1.3.6.1.4.1.25623.1.0.107240). Vulnerability Insight: The previous fix issued with S2-047 was incomplete. If an application allows enter an URL in a form field and built-in URLValidator is used, it is possible to prepare a special URL which will be used to overload server process when performing validation of the URL. Vulnerability Impact: An attacker can exploit this issue to cause a DoS condition, denying service to legitimate users. Affected Software/OS: Apache Struts 2.3.7 through 2.3.33 and 2.5 through 2.5.12. Solution: Update to version 2.3.34, 2.5.13 or later. CVSS Score: 5.0 CVSS Vector: AV:N/AC:L/Au:N/C:N/I:N/A:P
Referencia Cruzada:	Common Vulnerability Exposure (CVE) ID: CVE-2017-9804 BugTraq ID: 100612 http://www.securityfocus.com/bid/100612 Cisco Security Advisory: 20170907 Multiple Vulnerabilities in Apache Struts 2 Affecting Cisco Products: September 2017 https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170907-struts2 http://www.securitytracker.com/id/1039261
Copyright	Copyright (C) 2017 Greenbone AG

Esta es sólo una de 145615 pruebas de vulnerabilidad en nuestra serie de pruebas. Encuentre más sobre cómo ejecutar una auditoría de seguridad completa. Para ejecutar una prueba gratuita de esta vulnerabilidad contra su sistema, regístrese ahora.