When using a Spring AOP functionality to secure Struts actions it is possible to perform a DoS attack. Solution is to upgrade to Apache Struts version 2.5.12 or 2.3.33.

Affected Packages

Maven org.apache.struts:struts2-core

Affected versions: 2.3.7 (fixed in 2.3.33)

Maven org.apache.struts:struts2-core

Affected versions: 2.5.0 (fixed in 2.5.12)

Related CVEs

CVE-2017-9787

Key Information

GHSA ID

GHSA-8mr5-h28g-36qx

Published

October 16, 2018 7:37 PM

Last Modified

April 26, 2022 7:00 PM

CVSS Score

7.5 /10

Primary Ecosystem

Maven

Primary Package

org.apache.struts:struts2-core

GitHub Reviewed

✓ Yes

Dataset

Last updated: July 28, 2025 6:37 AM

Data from GitHub Advisory Database. This information is provided for research and educational purposes.