Vulnerabilities > CVE-2018-1327 - Unspecified vulnerability in Apache Struts
Attack vector
NETWORK Attack complexity
LOW Privileges required
NONE Confidentiality impact
NONE Integrity impact
NONE Availability impact
HIGH Summary
The Apache Struts REST Plugin is using XStream library which is vulnerable and allow perform a DoS attack when using a malicious request with specially crafted XML payload. Upgrade to the Apache Struts version 2.5.16 and switch to an optional Jackson XML handler as described here http://struts.apache.org/plugins/rest/#custom-contenttypehandlers. Another option is to implement a custom XML handler based on the Jackson XML handler from the Apache Struts 2.5.16.
Vulnerable Configurations
Nessus
NASL family | Misc. |
NASL id | STRUTS_2_5_16.NASL |
description | The version of Apache Struts running on the remote host is prior to 2.5.16. It, therefore, contains a flaw in the REST plugin when using the XStream handler that is triggered during the handling of a specially crafted request with an XML payload. This may allow a remote attacker to cause a denial of service. Note that Nessus has not tested for these issues but has instead relied only on the application |
last seen | 2020-06-01 |
modified | 2020-06-02 |
plugin id | 108760 |
published | 2018-03-30 |
reporter | This script is Copyright (C) 2018-2019 and is owned by Tenable, Inc. or an Affiliate thereof. |
source | https://www.tenable.com/plugins/nessus/108760 |
title | Apache Struts XStream Handler REST Plugin XML Request Handling Remote DoS (S2-056) |
Seebug
bulletinFamily | exploit |
description | ### Summary A crafted XML request can be used to perform a DoS attack when using the Struts REST plugin | | | | :------------ | :------------ | | Who should read this | All Struts 2 developers and users which are using the REST plugin | | Impact of vulnerability | A DoS attack is possible when using XStream handler with the Struts REST plugin. | | Maximum security rating | Medium | | Recommendation | Upgrade to Struts 2.5.16 | | Affected Software | Struts 2.1.1 - Struts 2.5.14.1 | | Reporter | Yevgeniy Grushka & Alvaro Munoz from HPE | | CVE Identifier | CVE-2018-1327 | ### Problem The REST Plugin is using XStream library which is vulnerable and allow perform a DoS attack when using a malicious request with specially crafted XML payload. ### Solution Upgrade to the Apache Struts version 2.5.16 and switch to an optional Jackson XML handler as described here. Another option is to implement a custom XML handler based on the Jackson XML handler from the Apache Struts 2.5.16. ### Backward compatibility No backward incompatibility issues are expected. ### Workaround Use Jackson XML handler instead of the default XStream handler as described [here](http://struts.apache.org/plugins/rest/#custom-contenttypehandlers). |
id | SSV:97204 |
last seen | 2018-03-27 |
modified | 2018-03-27 |
published | 2018-03-27 |
reporter | Root |
title | Apache Struts2 S2-056(CVE-2018-1327) |
References
- http://www.oracle.com/technetwork/security-advisory/cpujul2018-4258247.html
- http://www.oracle.com/technetwork/security-advisory/cpujul2018-4258247.html
- http://www.securityfocus.com/bid/103516
- http://www.securityfocus.com/bid/103516
- http://www.securitytracker.com/id/1040575
- http://www.securitytracker.com/id/1040575
- https://cwiki.apache.org/confluence/display/WW/S2-056
- https://cwiki.apache.org/confluence/display/WW/S2-056
- https://lists.apache.org/thread.html/r02c2d634fa74209d941c90f9a4cd36a6f12366ca65f9b90446ff2de3%40%3Cissues.struts.apache.org%3E
- https://lists.apache.org/thread.html/r02c2d634fa74209d941c90f9a4cd36a6f12366ca65f9b90446ff2de3%40%3Cissues.struts.apache.org%3E
- https://lists.apache.org/thread.html/rf482c101a88445d73cc2e89dbf7f16ae00a4aa79a544a1e72b2326db%40%3Cissues.struts.apache.org%3E
- https://lists.apache.org/thread.html/rf482c101a88445d73cc2e89dbf7f16ae00a4aa79a544a1e72b2326db%40%3Cissues.struts.apache.org%3E
- https://security.netapp.com/advisory/ntap-20180330-0001/
- https://security.netapp.com/advisory/ntap-20180330-0001/