Apache Struts REST Plugin XML DoS Vulnerability

Apache Struts REST Plugin XML DoS Vulnerability

CVE-2018-1327 · MEDIUM Severity

AV:N/AC:L/AU:N/C:N/I:N/A:P

The Apache Struts REST Plugin is using XStream library which is vulnerable and allow perform a DoS attack when using a malicious request with specially crafted XML payload. Upgrade to the Apache Struts version 2.5.16 and switch to an optional Jackson XML handler as described here http://struts.apache.org/plugins/rest/#custom-contenttypehandlers. Another option is to implement a custom XML handler based on the Jackson XML handler from the Apache Struts 2.5.16.

Learn more about our Cis Benchmark Audit For Apache Http Server.