Lucene search

GoogleOSV:CVE-2017-9791

HistoryJul 10, 2017 - 4:29 p.m.

CVE-2017-9791

2017-07-1016:29:00

Google

osv.dev

8.5 High

AI Score

Confidence

High

0.975 High

EPSS

Percentile

100.0%

JSON

The Struts 1 plugin in Apache Struts 2.1.x and 2.3.x might allow remote code execution via a malicious field value passed in a raw message to the ActionMessage.

CPENameOperatorVersion
strutseqSTRUTS_2_3_21
strutseqSTRUTS_2_3_16_1
strutseqSTRUTS_2_3_25
strutseqSTRUTS_2_3_20
strutseqSTRUTS_2_3_19
strutseqSTRUTS_2_3_17
strutseqSTRUTS_2_3_16_3
strutseqSTRUTS_2_2_1
strutseqSTRUTS_2_3_22
strutseqSTRUTS_2_3_24_1

Name	Operator	Version
struts	eq	STRUTS_2_3_21
struts	eq	STRUTS_2_3_16_1
struts	eq	STRUTS_2_3_25
struts	eq	STRUTS_2_3_20
struts	eq	STRUTS_2_3_19
struts	eq	STRUTS_2_3_17
struts	eq	STRUTS_2_3_16_3
struts	eq	STRUTS_2_2_1
struts	eq	STRUTS_2_3_22
struts	eq	STRUTS_2_3_24_1

Rows per page:

1-10 of 171

References

struts.apache.org/docs/s2-048.html

www.oracle.com/technetwork/security-advisory/alert-cve-2017-9805-3889403.html

www.securityfocus.com/bid/99484

www.securitytracker.com/id/1038838

security.netapp.com/advisory/ntap-20180706-0002/

www.exploit-db.com/exploits/42324/

www.exploit-db.com/exploits/44643/

nuclei

Apache Struts2 S2-053 - Remote Code Execution

2021-02-21 15:39:29

Apache Struts2 S2-052 - Remote Code Execution

2021-02-21 14:01:07

Apache Struts2 S2-053 - Remote Code Execution

2021-02-21 14:01:50

pentestit

S2-052: Apache Struts2 REST Plugin Payloads (CVE-2017-9805)

2017-09-07 05:33:35

attackerkb

CVE-2017-9791

2017-07-10 00:00:00

CVE-2017-9805

2017-09-15 00:00:00

impervablog

CVE-2017-9805: Analysis of Apache Struts RCE Vulnerability in REST Plugin

2017-09-08 16:10:08

Imperva’s Top 10 Blogs of 2017

2017-12-18 17:43:16

Apache Struts, RCE and Managing App Risk

2017-09-18 20:33:25

zdt

Apache Struts 2 - Struts 1 Plugin Showcase OGNL Code Execution Exploit

2018-05-18 00:00:00

Apache Struts 2.3.x Showcase - Remote Code Execution (PoC) Exploit

2017-07-14 00:00:00

Apache Struts 2.5 - Remote Code Execution Exploit

2017-09-07 00:00:00

myhack58

struts2 and double 叒叕 a high-risk vulnerability S2-048-the vulnerability warning-the black bar safety net

2017-07-08 00:00:00

Vulnerability warning | bucket pixel technology found in high-risk Struts2 showcase remote code execution vulnerability S2-048-the vulnerability warning-the black bar safety net

2017-07-08 00:00:00

Apache Struts2–052 vulnerability research alert-vulnerability warning-the black bar safety net

2017-09-06 00:00:00

cve

CVE-2017-9791

2017-07-10 16:29:00

CVE-2017-9805

2017-09-15 19:29:00

openvas

Apache Struts RCE Vulnerability (S2-048) - Version Check

2021-09-16 00:00:00

Apache Struts RCE Vulnerability (S2-048) - Active Check

2017-07-10 00:00:00

Apache Struts Security Update (S2-052) - Active Check

2017-09-07 00:00:00

K23289753 : Apache Struts vulnerability CVE-2017-9791

2017-07-18 00:00:00

K84144321 : Apache Struts vulnerability CVE-2017-9805

2017-09-06 00:00:00

saint

Apache Struts 2 Struts 1 plugin Showcase OGNL code execution

2018-06-06 00:00:00

Apache Struts 2 Struts 1 plugin Showcase OGNL code execution

2018-06-06 00:00:00

Apache Struts 2 Struts 1 plugin Showcase OGNL code execution

2018-06-06 00:00:00

exploitpack

Apache Struts 2.3.x Showcase - Remote Code Execution

2017-07-07 00:00:00

Apache Struts 2.5 2.5.12 - REST Plugin XStream Remote Code Execution

2017-09-06 00:00:00

prion

Remote code execution

2017-07-10 16:29:00

Deserialization of untrusted data

2017-09-15 19:29:00

osv

Code execution in Apache Struts 1 plugin

2022-05-13 01:26:13

REST Plugin in Apache Struts uses an XStreamHandler with an instance of XStream for deserialization without any type filtering

2018-10-16 19:37:56

CVE-2017-9805

2017-09-15 19:29:00

packetstorm

Apache Struts 2.3.x Showcase Remote Code Execution

2017-07-14 00:00:00

Apache Struts 2 Struts 1 Plugin Showcase OGNL Code Execution

2018-05-16 00:00:00

Apache Struts 2 REST Plugin XStream Remote Code Execution

2017-09-07 00:00:00

cvelist

CVE-2017-9791

2017-07-07 00:00:00

CVE-2017-9805

2017-09-15 19:00:00

ibm

Security Bulletin: Apache Struts Vulnerability CVE-2017-9791 will not affect PSS products

2018-06-18 01:37:14

Security Bulletin: IBM OpenPages GRC Platform Web Applications are NOT vulnerable to (CVE-2017-9805 , CVE-2017-9804, CVE-2017-9793)

2018-06-15 23:48:02

nessus

Apache Struts 2.3.x Showcase App Struts 1 Plugin ActionMessage Class Error Message Input Handling RCE (S2-048)

2017-07-11 00:00:00

Apache Struts 2.3.x Struts 1 plugin RCE (remote)

2017-09-01 00:00:00

Apache Struts 2 REST Plugin XStream XML Request Deserialization RCE

2017-09-06 00:00:00

checkpoint_advisories

Apache Struts2 Struts1_Plugin Remote Code Execution (CVE-2017-9791)

2017-07-09 00:00:00

Apache Struts REST Plugin XStream Deserialization Remote Code Execution (CVE-2017-9805)

2017-09-06 00:00:00

cisa_kev

Apache Struts 1 Improper Input Validation Vulnerability

2022-02-10 00:00:00

Apache Struts Deserialization of Untrusted Data Vulnerability

2021-11-03 00:00:00

veracode

Remote Code Execution (RCE)

2017-07-07 21:38:00

cisa

Oracle Patches Apache Vulnerabilities

2017-09-25 00:00:00

CISA Adds 15 Known Exploited Vulnerabilities to Catalog

2022-02-10 00:00:00

nvd

CVE-2017-9805

2017-09-15 19:29:00

CVE-2017-9791

2017-07-10 16:29:00

dsquare

Apache Struts REST Plugin XStream RCE

2018-04-20 00:00:00

Apache Struts 2 Struts 1 Plugin ActionMessage < 2.3.32 RCE

2017-10-20 00:00:00

seebug

Apache Struts2 S2-052 (CVE-2017-9805)

2017-09-06 00:00:00

github

Code execution in Apache Struts 1 plugin

2022-05-13 01:26:13

REST Plugin in Apache Struts uses an XStreamHandler with an instance of XStream for deserialization without any type filtering

2018-10-16 19:37:56

The GitHub Security Lab’s journey to disclosing 500 CVEs in open source projects

2023-09-21 20:56:46

redhatcve

CVE-2017-9791

2017-07-10 19:19:45

CVE-2017-9805

2017-09-05 14:19:21

ubuntucve

CVE-2017-9791

2017-07-10 00:00:00

CVE-2017-9805

2017-09-15 00:00:00

thn

Critical Flaw in Apache Struts2 Lets Hackers Take Over Web Servers

2017-09-05 07:40:00

Equifax Suffered Data Breach After It Failed to Patch Old Apache Struts Flaw

2017-09-13 21:38:00

New Apache Struts RCE Flaw Lets Hackers Take Over Web Servers

2018-08-22 14:04:00

metasploit

Apache Struts 2 REST Plugin XStream RCE

2017-09-08 00:30:48

trendmicroblog

TippingPoint Threat Intelligence and Zero-Day Coverage – Week of September 4, 2017

2017-09-08 14:23:58

cert

Apache Struts 2 framework REST plugin insecurely deserializes untrusted XML data

2017-09-06 00:00:00

cloudfoundry

CVE-2017-9805: Apache Struts Remote Code Execution | Cloud Foundry

2017-09-08 00:00:00

exploitdb

Apache Struts 2.3.x Showcase - Remote Code Execution

2017-07-07 00:00:00

Apache Struts 2.5 < 2.5.12 - REST Plugin XStream Remote Code Execution

2017-09-06 00:00:00

talosblog

Another Apache Struts Vulnerability Under Active Exploitation

2017-09-07 15:42:00

2018 in Snort Rules

2019-02-06 08:19:00

threatpost

Apache Foundation Refutes Involvement in Equifax Breach

2017-09-11 15:02:31

Patch Released for Critical Apache Struts Bug

2017-09-05 14:10:54

Apache Struts 2 Flaw Uncovered: ‘More Critical Than Equifax Bug’

2018-08-23 16:46:57

fortinet

Apache Struts RCE Vulnerability

2017-09-29 00:00:00

cisco

Multiple Vulnerabilities in Apache Struts 2 Affecting Cisco Products: September 2017

2017-09-07 21:00:00

kitploit

Sn1per v5.0 - Automated Pentest Recon Scanner

2018-07-05 13:45:00

Sn1per v6.0 - Automated Pentest Framework For Offensive Security Experts

2018-11-24 12:43:00

Sn1per v7.0 - Automated Pentest Framework For Offensive Security Experts

2019-05-12 13:09:00

qualysblog

Managing CISA Known Exploited Vulnerabilities with Qualys VMDR

2022-02-23 05:39:00

oracle

Oracle Critical Patch Update - October 2017

2017-10-17 00:00:00

8.5 High

AI Score

Confidence

High

0.975 High

EPSS

Percentile

100.0%

JSON

CVE-2017-9791

References

Related