CVE-2018-1327: Struts Framework S2-056 Vulnerability
The S2-056 vulnerability occurs in the REST plug-in of Apache Struts2 (CVE-2018-1327). The REST Plugin is using XStream library which is vulnerable and allows perform a DoS attack when using a malicious request with specially crafted XML payload.
- Struts 2.1.1 – Struts 22.214.171.124
- Struts 2.5.16
Apache Struts officially defends against the S2-056 vulnerability in the new 2.5.16 release. It is recommended that the user of the Apache Struts2 REST plug-in check the framework version is affected by vulnerabilities. Upgrade the framework and replace the XML parser with Jackson XML processing class Jackson Xml Handler.