CVE-2017-15707
medium
CVSS v3
6.2
CVSS v4
-
VIR risk
6.2
Description
Moderate severity vulnerability that affects org.apache.struts:struts2-rest-plugin
Predictions
Exploit likelihood
62%
Patch ETA
-
Heuristic predictions, AS-IS, for prioritization only.
Mitigations
No mitigations published for this CVE yet.
Package impact
| Ecosystem | Package | Vulnerable | Fixed |
|---|---|---|---|
| Maven | org.apache.struts:struts2-rest-plugin | >=2.5.0,<2.5.16 | 2.5.16 |
Application impact
| Vendor | Product | Versions | Fixed |
|---|---|---|---|
| apache | struts | >=2.5,<=2.5.14 | |
| netapp | oncommand_balance | - | |
| oracle | agile_plm_framework | 9.3.6 | |
| oracle | enterprise_manager_for_virtualization | 13.2.2 | |
| oracle | enterprise_manager_for_virtualization | 13.2.3 | |
| oracle | financial_services_hedge_management_and_ifrs_valuations | 8.0.4 | |
| oracle | financial_services_hedge_management_and_ifrs_valuations | 8.0.5 | |
| oracle | financial_services_market_risk_measurement_and_management | 8.0.5 | |
| oracle | global_lifecycle_management_opatchauto | | |
| oracle | jd_edwards_enterpriseone_tools | 9.2 | |
| oracle | retail_order_broker | 5.2 | |
| oracle | retail_xstore_point_of_service | 6.5.11 | |
| oracle | retail_xstore_point_of_service | 7.0.6 | |
| oracle | retail_xstore_point_of_service | 7.1.6 | |
| oracle | retail_xstore_point_of_service | 15.0.1 | |
| oracle | retail_xstore_point_of_service | 16.0.2 | |
| oracle | webcenter_portal | 12.2.1.2.0 | |
| oracle | webcenter_portal | 12.2.1.3.0 | |
| oracle | weblogic_server | 12.2.1.2 | |
| oracle | weblogic_server | 12.2.1.3 | |
References
- http://www.oracle.com/technetwork/security-advisory/cpuapr2018-3678067.html
- http://www.oracle.com/technetwork/security-advisory/cpujul2018-4258247.html
- http://www.securityfocus.com/bid/102021
- http://www.securitytracker.com/id/1039946
- https://cwiki.apache.org/confluence/display/WW/S2-054
- https://security.netapp.com/advisory/ntap-20171214-0001/
- https://nvd.nist.gov/vuln/detail/CVE-2017-15707
- https://github.com/advisories/GHSA-xcrm-qpp8-hcw4
CWEs
CWE-20