virus logo FortiClient Vulnerability

Apache Struts CVE-2017-9804 Input Validation Bypass Vulnerability

description-logoDescription

The previous fix issued withS2-047was incomplete. If an application allows enter an URL in a form field and built-in URLValidator is used, it is possible to prepare a special URL which will be used to overload server process when performing validation of the URL.

affected-products-logoAffected Applications

Apache Struts

CVE References

CVE-2017-9804

Other References

https://cwiki.apache.org/confluence/display/WW/Security+Bulletins
ID 49293
Created Jan 17, 2020
Description
Updated		 Dec 14, 2023
Risk black-background-circle-icon black-background-circle-icon black-background-circle-icon black-background-circle-icon lightgray-background-circle-icon
Coverage FortiClient
OS Linux
Vendor Apache
Patch manual
Application Apache Struts