The Apache Struts REST Plugin is using XStream library which is vulnerable and allow perform a DoS attack when using a malicious request with specially crafted XML payload. Upgrade to the Apache Struts version 2.5.16 and switch to an optional Jackson XML handler as described here http://struts.apache.org/plugins/rest/#custom-contenttypehandlers. Another option is to implement a custom XML handler based on the Jackson XML handler from the Apache Struts 2.5.16.
Fixes

Solution

No solution given by the vendor.


Workaround

No workaround given by the vendor.

History

No history.

cve-icon MITRE

Status: PUBLISHED

Assigner: apache

Published:

Updated: 2024-09-16T23:11:07.229Z

Reserved: 2017-12-07T00:00:00

Link: CVE-2018-1327

cve-icon Vulnrichment

No data.

cve-icon NVD

Status : Modified

Published: 2018-03-27T21:29:00.970

Modified: 2024-11-21T03:59:38.023

Link: CVE-2018-1327

cve-icon Redhat

Severity : Moderate

Publid Date: 2018-03-27T00:00:00Z

Links: CVE-2018-1327 - Bugzilla

cve-icon OpenCVE Enrichment

No data.