|Home > Security Bulletins > S2-034|
Who should read this
All Struts 2 developers and users
Impact of vulnerability
Possible DoS attack
Maximum security rating
This issue was resolved by publising new OGNL version, any Struts version which at least is using OGNL 3.0.12 is safe.
Struts 2.0.0 - Struts 18.104.22.168
Tao Wang wangtao12 at baidu dot com - Baidu Security Response Center
The OGNL expression language used by the Apache Struts framework has inproper implementaion of cache used to store method references. It's possible to prepare a DoS attack which can block access to a web site.
You can should upgrade OGNL at least to version 3.0.12 or by upgrading to latest Struts version.
No issues expected when upgrading to OGNL or Struts.
Not possible except upgrading OGNL as mentioned above.