Zero-day vulnerabilities discovered: 1
Infinite loop
The vulnerability allows a remote attacker to cause DoS conditions on the target system.On April 24, 2014, the Apache Software Foundation (ASF) released an advisory warning that a patch issued in March, 2 for a zero-day vulnerability in Apache Struts up to version 2.3.16.1, did not fully patch the vulnerabilities (CVE-2014-0094 or CVE-2014-0050).
Software: Apache Struts
Links:
http://mail-archives.apache.org/mod_mbox/www-announce/201402.mbox/%3C52F373FC.9030907@apache.org%3E
https://www.symantec.com/connect/blogs/emerging-threat-apache-struts-zero-day-cve-2014-0050-0094-dos...
https://www.trustwave.com/Resources/SpiderLabs-Blog/CVE-2014-0050--Exploit-with-Boundaries,-Loops-wi...
http://jvndb.jvn.jp/en/contents/2014/JVNDB-2014-000017.html
https://www.symantec.com/connect/blogs/emerging-threat-apache-struts-zero-day-cve-2014-0050-0094-dos-and-remote-code-execution-vulner
http://www.ehackingnews.com/2014/02/cve-2014-0050-apache-tomcat-vulnerable.html
http://telussecuritylabs.com/threats/show/TSL20140206-02
http://www.javaworld.com/article/2097428/enterprise-java/denial-of-service-vulnerability-puts-apache...