CVE-2017-7672 is a vulnerability in Apache Struts
Published on July 13, 2017
If an application allows enter an URL in a form field and built-in URLValidator is used, it is possible to prepare a special URL which will be used to overload server process when performing validation of the URL. Solution is to upgrade to Apache Struts version 2.5.12.
Products Associated with CVE-2017-7672
Want to know whenever a new CVE is published for Apache Struts? stack.watch will email you.
Affected Versions
Apache Software Foundation Apache Struts Version 2.5 to 2.5.10.1 is affected by CVE-2017-7672Exploit Probability
EPSS
1.35%
Percentile
79.89%
EPSS (Exploit Prediction Scoring System) scores estimate the probability that a vulnerability will be exploited in the wild within the next 30 days. The percentile shows you how this score compares to all other vulnerabilities.