Red Hat Bugzilla – Bug 1480608
CVE-2017-9787 struts: Denial of service when using a Spring AOP functionality
Last modified: 2018-01-30 10:46:28 EST
A flaw was found in Apache Struts 2.3.7 through 2.3.32 and 2.5 through 188.8.131.52. When using a Spring AOP functionality to secure Struts actions it is possible to perform a DoS attack even if user was not properly authenticated but an application mixed secured and not secured actions in one class.
Created struts tracking bugs for this issue:
Affects: epel-7 [bug 1480611]
Affects: fedora-all [bug 1480610]