Medium severity 5.9 · NVD Advisory · Published Jul 13, 2017 · Updated Jun 17, 2026
CVE-2017-7672
Description
If an application allows a URL to be entered in a form field and the built-in URLValidator is used, it is possible to prepare a special URL that overloads the server process when the URL is validated. The solution is to upgrade to Apache Struts version 2.5.12.
Affected packages
Versions sourced from the GitHub Security Advisory.
| Package | Affected versions | Patched versions |
|---|---|---|
| org.apache.struts:struts2-core (Maven) | >= 2.5.0, < 2.5.12 | 2.5.12 |
Affected products
- cpe:2.3:a:apache:struts:2.5:*:*:*:*:*:*:*
- cpe:2.3:a:apache:struts:2.5.1:*:*:*:*:*:*:*
- cpe:2.3:a:apache:struts:2.5.10:*:*:*:*:*:*:*
- cpe:2.3:a:apache:struts:2.5.10.1:*:*:*:*:*:*:*
- cpe:2.3:a:apache:struts:2.5.2:*:*:*:*:*:*:*
- cpe:2.3:a:apache:struts:2.5.5:*:*:*:*:*:*:*
- cpe:2.3:a:apache:struts:2.5.8:*:*:*:*:*:*:*
- (no CPE) range: 2.5 to 2.5.10.1
References
- struts.apache.org/docs/s2-047.html (nvd: Mitigation, Vendor Advisory, WEB)
- www.securityfocus.com/bid/99563 (nvd: Third Party Advisory, VDB Entry)
- github.com/advisories/GHSA-9gp7-jvm2-r4mx (ghsa: ADVISORY)
- nvd.nist.gov/vuln/detail/CVE-2017-7672 (ghsa: ADVISORY)
- www.oracle.com/technetwork/security-advisory/alert-cve-2017-9805-3889403.html (nvd: WEB)
- lists.apache.org/thread.html/3795c4dd46d9ec75f4a6eb9eca11c11edd3e796c6c1fd7b17b5dc50d@%3Cannouncements.struts.apache.org%3E (ghsa: WEB)
- security.netapp.com/advisory/ntap-20180706-0002 (ghsa: WEB)
- web.archive.org/web/20170907215142/http://www.securitytracker.com/id/1039114 (ghsa: WEB)
- web.archive.org/web/20200227144724/http://www.securityfocus.com/bid/99563 (ghsa: WEB)
- www.securitytracker.com/id/1039114 (nvd)
- lists.apache.org/thread.html/3795c4dd46d9ec75f4a6eb9eca11c11edd3e796c6c1fd7b17b5dc50d%40%3Cannouncements.struts.apache.org%3E (nvd)
- security.netapp.com/advisory/ntap-20180706-0002/ (nvd)