CVE-2017-15707
01.12.2017, 16:29
In Apache Struts 2.5 to 2.5.14, the REST Plugin is using an outdated JSON-lib library which is vulnerable and allow perform a DoS attack using malicious request with specially crafted JSON payload.Enginsight
| Vendor | Product | Version |
|---|---|---|
| apache | struts | 2.5 ≤ 𝑥 ≤ 2.5.14 |
| netapp | oncommand_balance | - |
| oracle | agile_plm_framework | 9.3.6 |
| oracle | enterprise_manager_for_virtualization | 13.2.2 |
| oracle | enterprise_manager_for_virtualization | 13.2.3 |
| oracle | financial_services_hedge_management_and_ifrs_valuations | 8.0.4 |
| oracle | financial_services_hedge_management_and_ifrs_valuations | 8.0.5 |
| oracle | financial_services_market_risk_measurement_and_management | 8.0.5 |
| oracle | global_lifecycle_management_opatchauto | * |
| oracle | jd_edwards_enterpriseone_tools | 9.2 |
| oracle | retail_order_broker | 5.2 |
| oracle | retail_xstore_point_of_service | 6.5.11 |
| oracle | retail_xstore_point_of_service | 7.0.6 |
| oracle | retail_xstore_point_of_service | 7.1.6 |
| oracle | retail_xstore_point_of_service | 15.0.1 |
| oracle | retail_xstore_point_of_service | 16.0.2 |
| oracle | webcenter_portal | 12.2.1.2.0 |
| oracle | webcenter_portal | 12.2.1.3.0 |
| oracle | weblogic_server | 12.2.1.2 |
| oracle | weblogic_server | 12.2.1.3 |
𝑥
= Vulnerable software versions
Ubuntu Releases
Common Weakness Enumeration
References