CVEDB API

Vulnerabilities

Vulnerable Software

Vulnerability Details CVE-2017-15707

In Apache Struts 2.5 to 2.5.14, the REST Plugin is using an outdated JSON-lib library which is vulnerable and allow perform a DoS attack using malicious request with specially crafted JSON payload.

Exploit prediction scoring system (EPSS) score

EPSS Score 0.018

EPSS Ranking 82.1%

CVSS Severity

CVSS v3 Score 6.2

CVSS v2 Score 5.0

References

Products affected by CVE-2017-15707

Apache » Struts » Version: 2.5

cpe:2.3:a:apache:struts:2.5
Apache » Struts » Version: 2.5.0

cpe:2.3:a:apache:struts:2.5.0
Apache » Struts » Version: 2.5.1

cpe:2.3:a:apache:struts:2.5.1
Apache » Struts » Version: 2.5.10

cpe:2.3:a:apache:struts:2.5.10
Apache » Struts » Version: 2.5.10.1

cpe:2.3:a:apache:struts:2.5.10.1
Apache » Struts » Version: 2.5.11

cpe:2.3:a:apache:struts:2.5.11
Apache » Struts » Version: 2.5.12

cpe:2.3:a:apache:struts:2.5.12
Apache » Struts » Version: 2.5.13

cpe:2.3:a:apache:struts:2.5.13
Apache » Struts » Version: 2.5.14

cpe:2.3:a:apache:struts:2.5.14
Apache » Struts » Version: 2.5.2

cpe:2.3:a:apache:struts:2.5.2
Apache » Struts » Version: 2.5.3

cpe:2.3:a:apache:struts:2.5.3
Apache » Struts » Version: 2.5.4

cpe:2.3:a:apache:struts:2.5.4
Apache » Struts » Version: 2.5.5

cpe:2.3:a:apache:struts:2.5.5
Apache » Struts » Version: 2.5.6

cpe:2.3:a:apache:struts:2.5.6
Apache » Struts » Version: 2.5.7

cpe:2.3:a:apache:struts:2.5.7
Apache » Struts » Version: 2.5.8

cpe:2.3:a:apache:struts:2.5.8
Apache » Struts » Version: 2.5.9

cpe:2.3:a:apache:struts:2.5.9
Netapp » Oncommand Balance » Version: N/A

cpe:2.3:a:netapp:oncommand_balance:-
Oracle » Agile Plm Framework » Version: 9.3.6

cpe:2.3:a:oracle:agile_plm_framework:9.3.6
Oracle » Enterprise Manager For Virtualization » Version: 13.2.2

cpe:2.3:a:oracle:enterprise_manager_for_virtualization:13.2.2
Oracle » Enterprise Manager For Virtualization » Version: 13.2.3

cpe:2.3:a:oracle:enterprise_manager_for_virtualization:13.2.3
Oracle » Financial Services Hedge Management And Ifrs Valuations » Version: 8.0.4

cpe:2.3:a:oracle:financial_services_hedge_management_and_ifrs_valuations:8.0.4
Oracle » Financial Services Hedge Management And Ifrs Valuations » Version: 8.0.5

cpe:2.3:a:oracle:financial_services_hedge_management_and_ifrs_valuations:8.0.5
Oracle » Financial Services Market Risk Measurement And Management » Version: 8.0.5

cpe:2.3:a:oracle:financial_services_market_risk_measurement_and_management:8.0.5
Oracle » Global Lifecycle Management Opatchauto » Version: N/A

cpe:2.3:a:oracle:global_lifecycle_management_opatchauto:-
Oracle » Global Lifecycle Management Opatchauto » Version: 12.2.0.1.14

cpe:2.3:a:oracle:global_lifecycle_management_opatchauto:12.2.0.1.14
Oracle » Jd Edwards Enterpriseone Tools » Version: 9.2

cpe:2.3:a:oracle:jd_edwards_enterpriseone_tools:9.2
Oracle » Retail Order Broker » Version: 5.2

cpe:2.3:a:oracle:retail_order_broker:5.2
Oracle » Retail Xstore Point Of Service » Version: 15.0.1

cpe:2.3:a:oracle:retail_xstore_point_of_service:15.0.1
Oracle » Retail Xstore Point Of Service » Version: 16.0.2

cpe:2.3:a:oracle:retail_xstore_point_of_service:16.0.2
Oracle » Retail Xstore Point Of Service » Version: 6.5.11

cpe:2.3:a:oracle:retail_xstore_point_of_service:6.5.11
Oracle » Retail Xstore Point Of Service » Version: 7.0.6

cpe:2.3:a:oracle:retail_xstore_point_of_service:7.0.6
Oracle » Retail Xstore Point Of Service » Version: 7.1.6

cpe:2.3:a:oracle:retail_xstore_point_of_service:7.1.6
Oracle » Webcenter Portal » Version: 12.2.1.2.0

cpe:2.3:a:oracle:webcenter_portal:12.2.1.2.0
Oracle » Webcenter Portal » Version: 12.2.1.3.0

cpe:2.3:a:oracle:webcenter_portal:12.2.1.3.0
Oracle » Weblogic Server » Version: 12.2.1.2

cpe:2.3:a:oracle:weblogic_server:12.2.1.2
Oracle » Weblogic Server » Version: 12.2.1.3

cpe:2.3:a:oracle:weblogic_server:12.2.1.3

Vulnerabilities

Vulnerable Software

Vulnerability Details CVE-2017-15707

Products

Pricing

Contact Us