CVE-2012-4387
Denial of service in Apache Struts
EPSS 7.9%
Description
Apache Struts 2.0.0 through 2.3.4 allows remote attackers to cause a denial of service (CPU consumption) via a long parameter name, which is processed as an OGNL expression.
How to fix CVE-2012-4387
To remediate CVE-2012-4387, upgrade the affected package to the fixed version listed below.
- Maven/org.apache.struts.xwork:xwork-core—upgrade to 2.3.4.1 or later
Is CVE-2012-4387 being exploited?
Moderate: EPSS is 7.9%. Track this CVE, but it is not at the top of the prioritisation list.
Affected packages (1)
- Maven/org.apache.struts.xwork:xwork-core: >= 2.0.0, < 2.3.4.1