Candidate: CVE-2018-1327
PublicDate: 2018-03-27 21:29:00 UTC
References:
 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-1327
 https://cwiki.apache.org/confluence/display/WW/S2-056
Description:
 The Apache Struts REST Plugin uses the XStream library, which is vulnerable
 and allows a DoS attack to be performed using a malicious request with a
 specially crafted XML payload. Upgrade to Apache Struts version 2.5.16 and
 switch to an optional Jackson XML handler as described here
 http://struts.apache.org/plugins/rest/#custom-contenttypehandlers. Another
 option is to implement a custom XML handler based on the Jackson XML handler
 from Apache Struts 2.5.16.
Ubuntu-Description:
Notes:
Bugs:
Priority: medium
Discovered-by:
Assigned-to:
CVSS:
 nvd: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H [7.5 HIGH]

Patches_libstruts1.2-java:
upstream_libstruts1.2-java: needs-triage
precise/esm_libstruts1.2-java: DNE
trusty_libstruts1.2-java: ignored (reached end-of-life)
trusty/esm_libstruts1.2-java: DNE (trusty was needs-triage)
xenial_libstruts1.2-java: DNE
artful_libstruts1.2-java: DNE
bionic_libstruts1.2-java: DNE
cosmic_libstruts1.2-java: DNE
disco_libstruts1.2-java: DNE
devel_libstruts1.2-java: DNE