The URLValidator class in Apache Struts 2 2.3.20 up to and including 2.3.28.1 and 2.5.x prior to 2.5.1 allows remote malicious users to cause a denial of service via a null value for a URL field.
Vulnerable Product | Search on Vulmon | Subscribe to Product |
---|---|---|
apache struts 2.3.20 |
||
apache struts 2.3.20.1 |
||
apache struts 2.3.20.3 |
||
apache struts 2.3.24 |
||
apache struts 2.3.24.1 |
||
apache struts 2.3.24.3 |
||
apache struts 2.3.28 |
||
apache struts 2.3.28.1 |
||
apache struts 2.5 |