Lucene search
F5F5:K12542008HistorySep 08, 2017 - 12:00 a.m.
K12542008 : Apache Struts vulnerabilities CVE-2017-9793 and CVE-2017-9804
2017-09-0800:00:00
my.f5.com
59
Security Advisory Description
The REST Plugin in Apache Struts 2.3.7 through 2.3.33 and 2.5 through 2.5.12 is using an outdated XStream library which is vulnerable and allow perform a DoS attack using malicious request with specially crafted XML payload.
In Apache Struts 2.3.7 through 2.3.33 and 2.5 through 2.5.12, if an application allows entering a URL in a form field and built-in URLValidator is used, it is possible to prepare a special URL which will be used to overload server process when performing validation of the URL. NOTE: this vulnerability exists because of an incomplete fix for S2-047 / CVE-2017-7672.
Impact
There is no impact; F5 products are not affected by this vulnerability.
Related
redhatcve
redhatcve
ubuntucve
ubuntucve
nvd
nvd
cve
cve
veracode
veracode
Regular Expression Denial Of Service (ReDoS)
2017-09-05 21:13:06
Denial Of Service (DoS)
2017-07-14 05:43:57
Denial Of Service (DoS)
2017-09-05 23:07:18
prion
prion
Code injection
2017-09-20 17:29:00
Code injection
2017-07-13 15:29:00
Design/Logic Flaw
2017-09-20 17:29:00
cvelist
cvelist
github
github
Apache Struts allows entering a custom URL in a form field if built-in URLValidator is used
2018-10-16 19:37:33
Apache Struts Improper Input Validation vulnerability
2018-10-16 19:36:43
The REST Plugin in Apache Struts is using an outdated XStream library
2018-10-16 19:37:22
osv
osv
CVE-2017-9804
2017-09-20 17:29:00
Apache Struts allows entering a custom URL in a form field if built-in URLValidator is used
2018-10-16 19:37:33
Apache Struts Improper Input Validation vulnerability
2018-10-16 19:36:43
cisco
cisco
ibm
ibm
fortinet
fortinet
Apache Struts RCE Vulnerability
2017-09-29 00:00:00
nessus
nessus
Apache Struts 2.1.x >= 2.1.2 / 2.2.x / 2.3.x < 2.3.34 / 2.5.x < 2.5.13 Multiple Vulnerabilities (S2-050 - S2-053)
2017-09-05 00:00:00
Oracle WebLogic Server Multiple Vulnerabilities
2017-10-04 00:00:00
Apache Struts 2.5.x < 2.5.12 Multiple DoS (S2-047) (S2-049)
2017-07-14 00:00:00
threatpost
threatpost
Oracle Patches Apache Struts, Reminds Users to Update Equifax Bug
2017-09-26 14:28:26
Apache Security Advisories Red Flag Wrong Versions in Patching Gaffe
2019-08-15 18:41:37
openvas
openvas
Apache Struts URLValidator DoS Vulnerability (S2-047) - Linux
2017-07-18 00:00:00
Apache Struts Security Update (S2-047)
2017-07-18 00:00:00
Apache Struts Security Update (S2-050)
2017-09-11 00:00:00
f5
f5
K00503780 : Apache Struts 2 vulnerability CVE-2017-7672
2017-08-03 00:00:00
thn
thn
Apache Struts 2 Flaws Affect Multiple Cisco Products
2017-09-11 23:50:00
checkpoint_advisories
checkpoint_advisories
Apache Struts 2 REST Plugin XStream Denial of Service (CVE-2017-9793)
2017-09-18 00:00:00
Apache Struts2 REST Plugin XStream DoS (CVE-2017-9793) - Ver2
2018-04-11 00:00:00