SID 1:47061

Report a false positive

Rule Category

SERVER-WEBAPP -- Snort has detected traffic exploiting vulnerabilities in web based applications on servers.

Alert Message

SERVER-WEBAPP Apache Struts URL validator denial of service attempt

Rule Explanation

The URLValidator class in Apache Struts 2 2.3.20 through 2.3.28.1 and 2.5.x before 2.5.1 allows remote attackers to cause a denial of service via a null value for a URL field. Impact: Web Application Attack CVSS base score 5.3 CVSS impact score 1.4 CVSS exploitability score 3.9 confidentialityImpact NONE integrityImpact NONE availabilityImpact NONE Details: Ease of Attack:

What To Look For

No information provided

Known Usage

No public information

False Positives

No known false positives

Contributors

Cisco Talos Intelligence Group

Rule Groups

No rule groups

CVE

CVE-2016-4465

Additional Links

cwiki.apache.org/confluence/display/WW/S2-041

Rule Vulnerability

CVE Additional Information

This product uses data from the NVD API but is not endorsed or certified by the NVD.
CVE-2016-4465
 Loading description