CVEs-PoC/2018/CVE-2018-1327.md at 860e02050fe0cfa14d092faefbaafd5bd449bbcb

CalvinBackup/CVEs-PoC

Fork 0

mirror of https://github.com/0xMarcio/cve.git synced 2026-05-21 21:26:50 +02:00

Files

T

0xMarcio cb00e1339f Update CVE list 2025-09-29 21:09

2025-09-29 21:09:30 +02:00

Description

The Apache Struts REST Plugin is using XStream library which is vulnerable and allow perform a DoS attack when using a malicious request with specially crafted XML payload. Upgrade to the Apache Struts version 2.5.16 and switch to an optional Jackson XML handler as described here http://struts.apache.org/plugins/rest/#custom-contenttypehandlers. Another option is to implement a custom XML handler based on the Jackson XML handler from the Apache Struts 2.5.16.

POC

Reference

http://www.oracle.com/technetwork/security-advisory/cpujul2018-4258247.html

Github

https://github.com/ARPSyndicate/cvemon
https://github.com/IkerSaint/VULNAPP-vulnerable-app
https://github.com/SexyBeast233/SecBooks
https://github.com/brunsu/woodswiki
https://github.com/khodges42/Etrata
https://github.com/pctF/vulnerable-app
https://github.com/wiseeyesent/cves
https://github.com/woods-sega/woodswiki

1.3 KiB Raw Blame History

CVE-2018-1327

Description

POC

Reference

Github

1.3 KiB

Raw Blame History