CVE-2018-1327 is a vulnerability in Apache Struts
Published on March 27, 2018
The Apache Struts REST Plugin uses the XStream library, which is vulnerable and allows a DoS attack through a malicious request carrying a specially crafted XML payload. Upgrade to Apache Struts version 2.5.16 and switch to the optional Jackson XML handler as described here: http://struts.apache.org/plugins/rest/#custom-contenttypehandlers. Another option is to implement a custom XML handler based on the Jackson XML handler from Apache Struts 2.5.16.
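The handler switch described above, as an added configuration example (not taken from this page or from the Struts project's own files). The bean name `jacksonXml` is an arbitrary label chosen here, and the fragment assumes Struts 2.5.16 with the `jackson-dataformat-xml` library on the application classpath:

```xml
<!-- struts.xml fragment (illustrative; bean name "jacksonXml" is a label chosen for this example) -->
<struts>
    <!-- Register the Jackson-based XML content type handler from the REST plugin -->
    <bean type="org.apache.struts2.rest.handler.ContentTypeHandler"
          name="jacksonXml"
          class="org.apache.struts2.rest.handler.JacksonXmlHandler"/>

    <!-- Route the "xml" extension to that bean instead of the default XStream-backed handler -->
    <constant name="struts.rest.handlerOverride.xml" value="jacksonXml"/>
</struts>
```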
Products Associated with CVE-2018-1327
Affected Versions
Apache Software Foundation Apache Struts: versions 2.1.1 to 2.5.14.1 are affected by CVE-2018-1327.
Exploit Probability
EPSS (Exploit Prediction Scoring System) scores estimate the probability that a vulnerability will be exploited in the wild within the next 30 days. The percentile shows you how this score compares to all other vulnerabilities.