The Vigil@nce team watches public vulnerabilities impacting your computers, and then offers security solutions, a vigilance database and tools to fix them.

Vulnerability of Apache Struts: denial of service via REST Plugin

Synthesis of the vulnerability 

An attacker can generate a fatal error via REST Plugin of Apache Struts, in order to trigger a denial of service.
Vulnerable products: Struts, Oracle Communications.
Severity of this weakness: 2/4.
Creation date: 27/03/2018.
Références of this bulletin: CERTFR-2018-AVI-153, cpujul2018, CVE-2018-1327, S2-056, VIGILANCE-VUL-25662.

Description of the vulnerability 

An attacker can generate a fatal error via REST Plugin of Apache Struts, in order to trigger a denial of service.
Full bulletin, software filtering, emails, fixes, ... (Request your free trial)

This threat announce impacts software or systems such as Struts, Oracle Communications.

Our Vigil@nce team determined that the severity of this cybersecurity alert is medium.

The trust level is of type confirmed by the editor, with an origin of document.

An attacker with a expert ability can exploit this security alert.

Solutions for this threat 

Apache Struts: version 2.5.16.
The version 2.5.16 is fixed:
  http://struts.apache.org/

Apache Struts: workaround for REST Plugin.
A workaround is indicated in the information source.

Oracle Communications: CPU of July 2018.
A Critical Patch Update is available:
  https://support.oracle.com/rs?type=doc&id=2410237.1
  https://support.oracle.com/rs?type=doc&id=2406191.1
  https://support.oracle.com/rs?type=doc&id=2410234.1
  https://support.oracle.com/rs?type=doc&id=2408211.1
  https://support.oracle.com/rs?type=doc&id=2406689.1
  https://support.oracle.com/rs?type=doc&id=2408212.1
  https://support.oracle.com/rs?type=doc&id=2410243.1
  https://support.oracle.com/rs?type=doc&id=2410198.1
Full bulletin, software filtering, emails, fixes, ... (Request your free trial)

Computer vulnerabilities tracking service 

Vigil@nce provides a systems vulnerabilities alert. The Vigil@nce vulnerability database contains several thousand vulnerabilities.