CVE-2017-15707 — Moderate severity vulnerability that affects org.apache.struts:struts2-rest-plug

Description

In Apache Struts 2.5 to 2.5.14, the REST Plugin is using an outdated JSON-lib library which is vulnerable and allow perform a DoS attack using malicious request with specially crafted JSON payload.

How to fix CVE-2017-15707

To remediate CVE-2017-15707, upgrade the affected package to a fixed version below.

Maven/org.apache.struts:struts2-rest-plugin—upgrade to 2.5.16 or later

Is CVE-2017-15707 being exploited?

Low — EPSS is 1.5%, meaning exploitation activity has not been observed at scale.

Affected packages (1)

>= 2.5.0, < 2.5.16

CVSS scores

Source	Version	Severity	Vector
osv	CVSS 3.1	MEDIUM6.2	CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

References (8)

ADVISORYgithub.com/advisories/GHSA-xcrm-qpp8-hcw4
ADVISORYnvd.nist.gov/vuln/detail/CVE-2017-15707
WEBcwiki.apache.org/confluence/display/WW/S2-054
WEBsecurity.netapp.com/advisory/ntap-20171214-0001
WEB