Endpoint Vulnerability

Apache Struts security advisory S2-049

Description

When using a Spring AOP functionality to secure Struts actions it is possible to perform a DoS attack even if user was not properly authenticated but an application mixed secured and not secured actions in one class.

Affected Products

Apache Struts

References

CVE-2017-9787,