CVE-2018-1327: Struts Framework S2-056 Vulnerability
The S2-056 vulnerability occurs in the REST plug-in of Apache Struts2 (CVE-2018-1327). The REST plug-in uses the XStream library, which is vulnerable and allows an attacker to perform a DoS attack by sending a malicious request with a specially crafted XML payload.
Affected versions
- Struts 2.1.1 – Struts 2.5.14.1
Unaffected version
- Struts 2.5.16
Solution
Apache Struts officially fixes the S2-056 vulnerability in the new 2.5.16 release. Users of the Apache Struts2 REST plug-in are advised to check whether their framework version is affected. Upgrade the framework, and replace the XML parser with the Jackson XML processing class, JacksonXmlHandler.
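As an added example (not part of the original advisory), the struts.xml fragment below registers JacksonXmlHandler for the xml extension so the REST plug-in no longer hands request bodies to the XStream-backed default handler, followed by the Maven dependency it needs. The bean name "jackson" is an arbitrary label chosen here, and the version placeholder assumes the project already manages a Jackson version.

```xml
<!-- struts.xml: override the handler used for *.xml requests.
     Without this override the REST plug-in uses XStreamHandler,
     the XStream-backed handler that the advisory describes. -->
<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE struts PUBLIC
    "-//Apache Software Foundation//DTD Struts Configuration 2.5//EN"
    "http://struts.apache.org/dtds/struts-2.5.dtd">
<struts>
  <!-- Register Jackson's XML handler under an arbitrary bean name. -->
  <bean type="org.apache.struts2.rest.handler.ContentTypeHandler"
        name="jackson"
        class="org.apache.struts2.rest.handler.JacksonXmlHandler" />
  <!-- Point the "xml" extension at that bean instead of the default. -->
  <constant name="struts.rest.handlerOverride.xml" value="jackson" />
</struts>

<!-- pom.xml: JacksonXmlHandler needs the Jackson XML data format module on
     the classpath. The version is a placeholder; align it with the other
     Jackson artifacts already used by the project. -->
<dependency>
  <groupId>com.fasterxml.jackson.dataformat</groupId>
  <artifactId>jackson-dataformat-xml</artifactId>
  <version>${jackson.version}</version>
</dependency>
```

After redeploying, confirm that an XML request to a REST action is still parsed; a failure at startup usually means the jackson-dataformat-xml dependency is missing.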