S2-049
Who should read this: All Struts 2 developers and users
Impact of vulnerability: A DoS attack is available for Spring secured actions
Maximum security rating
Recommendation: Upgrade to Struts 2.5.12
Affected Software: Struts 2.3.7 - Struts 2.3.32, Struts 2.5 - Struts 2.5.10.1
Reporter: Yasser Zamani <yasser dot zamani at live dot com>
When Spring AOP functionality is used to secure Struts actions, it is possible to perform a DoS attack once the user has been properly authenticated.
Upgrade to Apache Struts version 2.5.12 or 2.3.33.
No backward incompatibility issues are expected.
Please define the below constant in a