{"id":"CVE-2017-7672","details":"If an application allows enter an URL in a form field and built-in URLValidator is used, it is possible to prepare a special URL which will be used to overload server process when performing validation of the URL. Solution is to upgrade to Apache Struts version 2.5.12.","aliases":["GHSA-9gp7-jvm2-r4mx"],"modified":"2026-04-09T05:55:55.396503Z","published":"2017-07-13T15:29:00.363Z","references":[{"type":"WEB","url":"http://www.securitytracker.com/id/1039114"},{"type":"WEB","url":"https://lists.apache.org/thread.html/3795c4dd46d9ec75f4a6eb9eca11c11edd3e796c6c1fd7b17b5dc50d%40%3Cannouncements.struts.apache.org%3E"},{"type":"ADVISORY","url":"http://struts.apache.org/docs/s2-047.html"},{"type":"ADVISORY","url":"http://www.oracle.com/technetwork/security-advisory/alert-cve-2017-9805-3889403.html"},{"type":"ADVISORY","url":"http://www.securityfocus.com/bid/99563"},{"type":"ADVISORY","url":"https://security.netapp.com/advisory/ntap-20180706-0002/"}],"affected":[{"ranges":[{"type":"GIT","repo":"https://github.com/apache/struts","events":[{"introduced":"0"},{"last_affected":"4bee55fee30086c786d09503125a2b1c2ae8dcfa"},{"introduced":"0"},{"last_affected":"e8aa825f21fc951418f0cfa770d32762a4a83664"},{"introduced":"0"},{"last_affected":"17e14ef42bcf1182c2985f2a25543cf4e88235e2"},{"introduced":"0"},{"last_affected":"f2348e53cbdf8ad7d9c28c66dc6fefe2c5718636"},{"introduced":"0"},{"last_affected":"4281e31864e0f2e0bffc0e537dc9c6e40604aec0"},{"introduced":"0"},{"last_affected":"f0f4e9ece77000e0eb0071bf233ed4b9bc9c8205"},{"introduced":"0"},{"last_affected":"376a891aeed6157d5621f9a9101d91be60f57b01"}],"database_specific":{"versions":[{"introduced":"0"},{"last_affected":"2.5"},{"introduced":"0"},{"last_affected":"2.5.1"},{"introduced":"0"},{"last_affected":"2.5.2"},{"introduced":"0"},{"last_affected":"2.5.5"},{"introduced":"0"},{"last_affected":"2.5.8"},{"introduced":"0"},{"last_affected":"2.5.10"},{"introduced":"0"},{"last_affected":"2.5.10.1"}]}}],"versions":["STRUTS_2_5","STRUTS_2_5_1","STRUTS_2_5_10","STRUTS_2_5_10_1","STRUTS_2_5_2","STRUTS_2_5_3","STRUTS_2_5_4","STRUTS_2_5_5","STRUTS_2_5_6","STRUTS_2_5_7","STRUTS_2_5_8","STRUTS_2_5_9","STRUTS_2_5_BETA1","STRUTS_2_5_BETA2","STRUTS_2_5_BETA3"],"database_specific":{"source":"https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2017-7672.json"}}],"schema_version":"1.7.5","severity":[{"type":"CVSS_V3","score":"CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H"}]}