Security Vulnerabilities fixed in Apache Struts S2-011

Description

Request parameters handled by Struts 2 are effectively treated as OGNL expressions. An attacker attempting a denial of service (DoS) can craft requests to a Struts 2 based application with extremely long parameter names. OGNL evaluation of each such parameter name then consumes significant CPU cycles, which increases the effectiveness of the DoS attack.
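One way to spot this pattern in web server access logs, as an added detection example that is not part of the original advisory: it flags requests whose query-string parameter names exceed a length limit and counts them per client. The 100-character limit, the combined log format and the sample lines are assumptions made for illustration; parameters sent in POST bodies do not appear in access logs and are not covered.

```python
import re
from collections import Counter
from urllib.parse import urlsplit, parse_qsl

MAX_PARAM_NAME_LEN = 100  # assumed threshold; tune to the application's real parameter names

# Common/combined log format: client ident user [time] "METHOD target PROTO" status ...
LOG_RE = re.compile(
    r'^(?P<client>\S+) \S+ \S+ \[[^\]]+\] "(?P<method>[A-Z]+) (?P<target>\S+) [^"]*" (?P<status>\d{3})'
)

def long_param_names(target, limit=MAX_PARAM_NAME_LEN):
    """Return (length, truncated name) for each query parameter name longer than limit."""
    hits = []
    # keep_blank_values=True so a bare name with no "=value" part is still inspected
    for name, _value in parse_qsl(urlsplit(target).query, keep_blank_values=True):
        if len(name) > limit:
            hits.append((len(name), name[:40]))
    return hits

def scan(lines, limit=MAX_PARAM_NAME_LEN):
    """Return (findings, per-client counts) for log lines carrying overlong parameter names."""
    findings, per_client = [], Counter()
    for lineno, line in enumerate(lines, 1):
        m = LOG_RE.match(line)
        if not m:
            continue  # skip lines that are not in the expected format
        hits = long_param_names(m["target"], limit)
        if hits:
            findings.append({
                "line": lineno,
                "client": m["client"],
                "path": urlsplit(m["target"]).path,
                "max_len": max(length for length, _ in hits),
            })
            per_client[m["client"]] += 1
    return findings, per_client

# Constructed sample log lines (documentation IP ranges, filler parameter names).
SAMPLE_LOG = [
    '192.0.2.10 - - [01/Jan/2024:10:00:00 +0000] "GET /app/list.action?page=2&sort=name HTTP/1.1" 200 512',
    '198.51.100.7 - - [01/Jan/2024:10:00:01 +0000] "GET /app/list.action?' + "x" * 400 + '=1 HTTP/1.1" 200 512',
    '198.51.100.7 - - [01/Jan/2024:10:00:02 +0000] "POST /app/save.action?ok=1&' + "y" * 150 + ' HTTP/1.1" 200 0',
    "not an access log line",
]

if __name__ == "__main__":
    findings, per_client = scan(SAMPLE_LOG)
    for f in findings:
        print(f)
    print(per_client.most_common())
```
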

Affected Applications

Apache Struts

CVE References

CVE-2012-4387 CVE-2012-4386