A denial of service vulnerability exists in Apache Struts URLValidator. The vulnerability is due to insufficient validation of crafted URLs by the URLValidator. A remote, unauthenticated attacker could exploit this vulnerability by sending a crafted HTTP request to a Struts 2 application. Successful attack can result in a denial of service condition.