CVE-2017-15707

Published Dec 1, 2017

Last updated 6 years ago

CVSS medium 6.2

Overview

Description: In Apache Struts 2.5 to 2.5.14, the REST Plugin is using an outdated JSON-lib library which is vulnerable and allow perform a DoS attack using malicious request with specially crafted JSON payload.
Source: security@apache.org
NVD status: Analyzed

Risk scores

CVSS 3.0

Type: Primary
Base score: 6.2
Impact score: 3.6
Exploitability score: 2.5
Vector string: CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
Severity: MEDIUM

CVSS 2.0

Type: Primary
Base score: 5
Impact score: 2.9
Exploitability score: 10
Vector string: AV:N/AC:L/Au:N/C:N/I:N/A:P

Weaknesses

nvd@nist.gov: CWE-20

Hype score: Not currently trending

Configurations

[
  {
    "nodes": [
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:a:apache:struts:*:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "351976F7-D1E8-4EAE-9F2A-46122E9D7424",
            "versionEndIncluding": "2.5.14",
            "versionStartIncluding": "2.5"
          }
        ],
        "operator": "OR"
      }
    ]
  },
  {
    "nodes": [
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:a:netapp:oncommand_balance:-:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "7DCBCC5D-C396-47A8-ADF4-D3A2C4377FB1"
          }
        ],
        "operator": "OR"
      }
    ]
  },
  {
    "nodes": [
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:a:oracle:agile_plm_framework:9.3.6:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "FFB44079-8054-48BC-A8B5-B637AD1F9DFD"
          },
          {
            "criteria": "cpe:2.3:a:oracle:enterprise_manager_for_virtualization:13.2.2:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "A9E97F04-00ED-48E9-AB40-7A02B3419641"
          },
          {
            "criteria": "cpe:2.3:a:oracle:enterprise_manager_for_virtualization:13.2.3:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "FCCE5A11-39E7-4BBB-9E1A-BA4B754103BB"
          },
          {
            "criteria": "cpe:2.3:a:oracle:financial_services_hedge_management_and_ifrs_valuations:8.0.4:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "8DECBF5C-6C87-424F-A116-DD534EC5946C"
          },
          {
            "criteria": "cpe:2.3:a:oracle:financial_services_hedge_management_and_ifrs_valuations:8.0.5:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "3469C84E-50F3-4461-864C-E59174DDC981"
          },
          {
            "criteria": "cpe:2.3:a:oracle:financial_services_market_risk_measurement_and_management:8.0.5:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "402B8642-7ACC-4F42-87A9-AB4D3B581751"
          },
          {
            "criteria": "cpe:2.3:a:oracle:global_lifecycle_management_opatchauto:*:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "6A877F1B-4B25-48E2-B473-0E76ED3948A3"
          },
          {
            "criteria": "cpe:2.3:a:oracle:jd_edwards_enterpriseone_tools:9.2:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "41684398-18A4-4DC6-B8A2-3EBAA0CBF9A6"
          },
          {
            "criteria": "cpe:2.3:a:oracle:retail_order_broker:5.2:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "77C2A2A4-285B-40A1-B9AD-42219D742DD4"
          },
          {
            "criteria": "cpe:2.3:a:oracle:retail_xstore_point_of_service:6.5.11:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "F1223C57-DA2C-42C0-9DCC-6124DF3AE67A"
          },
          {
            "criteria": "cpe:2.3:a:oracle:retail_xstore_point_of_service:7.0.6:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "89B3354D-3929-4AEC-AAE0-7F573341FD6C"
          },
          {
            "criteria": "cpe:2.3:a:oracle:retail_xstore_point_of_service:7.1.6:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "55901EF7-B71C-40B3-B276-FDA6381F051F"
          },
          {
            "criteria": "cpe:2.3:a:oracle:retail_xstore_point_of_service:15.0.1:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "385D40CC-5AA0-4DAB-A2E7-F3A3CFF95BA7"
          },
          {
            "criteria": "cpe:2.3:a:oracle:retail_xstore_point_of_service:16.0.2:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "71D81AE2-9ABF-4C1B-B7F5-0549C8DFBBF8"
          },
          {
            "criteria": "cpe:2.3:a:oracle:webcenter_portal:12.2.1.2.0:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "3A11496F-FECC-46C5-B914-F2B32423BEFC"
          },
          {
            "criteria": "cpe:2.3:a:oracle:webcenter_portal:12.2.1.3.0:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "D6A4F71A-4269-40FC-8F61-1D1301F2B728"
          },
          {
            "criteria": "cpe:2.3:a:oracle:weblogic_server:12.2.1.2:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "DAE3D682-1434-4789-8B43-679AE86533FE"
          },
          {
            "criteria": "cpe:2.3:a:oracle:weblogic_server:12.2.1.3:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "CBFF04EF-B1C3-4601-878A-35EA6A15EF0C"
          }
        ],
        "operator": "OR"
      }
    ]
  }
]

Overview

Risk scores

CVSS 3.0

CVSS 2.0

Weaknesses

Social media

Configurations

References