The REST Plugin in Apache Struts 2.1.1 through 2.3.x before 2.3.34 and 2.5.x before 2.5.13 uses an XStreamHandler with an instance of XStream for deserialization without any type filtering, which can lead to Remote Code Execution when deserializing XML payloads.

CPENameOperatorVersion
strutseqSTRUTS_2_5_5
strutseqSTRUTS_2_5_1
strutseqSTRUTS_2_2_1
strutseqSTRUTS_2_3_22
strutseqSTRUTS_2_3_24
strutseqSTRUTS_2_3_23
strutseqSTRUTS_2_3_20
strutseqSTRUTS_2_3_17
strutseqSTRUTS_2_5_2
strutseqSTRUTS_2_5_3

Name	Operator	Version
struts	eq	STRUTS_2_5_5
struts	eq	STRUTS_2_5_1
struts	eq	STRUTS_2_2_1
struts	eq	STRUTS_2_3_22
struts	eq	STRUTS_2_3_24
struts	eq	STRUTS_2_3_23
struts	eq	STRUTS_2_3_20
struts	eq	STRUTS_2_3_17
struts	eq	STRUTS_2_5_2
struts	eq	STRUTS_2_5_3

Rows per page:

1-10 of 311

References

www.oracle.com/technetwork/security-advisory/alert-cve-2017-9805-3889403.html

www.securityfocus.com/bid/100609

www.securitytracker.com/id/1039263

blogs.apache.org/foundation/entry/apache-struts-statement-on-equifax

bugzilla.redhat.com/show_bug.cgi?id=1488482

cwiki.apache.org/confluence/display/WW/S2-052

lgtm.com/blog/apache_struts_CVE-2017-9805

security.netapp.com/advisory/ntap-20170907-0001/

struts.apache.org/docs/s2-052.html

tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170907-struts2

www.exploit-db.com/exploits/42627/

www.kb.cert.org/vuls/id/112992

zdt 2

metasploit 1

nuclei 3

cve 1

impervablog 8

cloudfoundry 1

checkpoint_advisories 1

saint 3

attackerkb 2

github 2

cvelist 1

f5 1

seebug 1

dsquare 1

cisa 1

osv 12

nvd 1

cert 1

nessus 4

packetstorm 2

openvas 2

trendmicroblog 1

exploitpack 1

prion 1

thn 5

redhatcve 1

ubuntucve 1

cisa_kev 1

myhack58 1

exploitdb 1

threatpost 5

talosblog 2

pentestit 1

cisco 1

ibm 1

fortinet 1

kitploit 5

qualysblog 1

oracle 1

zdt

Apache Struts 2.5 - Remote Code Execution Exploit

2017-09-07 00:00:00

Apache Struts 2.5 < 2.5.12 - REST Plugin XStream Remote Code Execution Exploit

2017-09-07 00:00:00

metasploit

Apache Struts 2 REST Plugin XStream RCE

2017-09-08 00:30:48

nuclei

Apache Struts2 S2-052 - Remote Code Execution

2021-02-21 14:01:07

Apache Struts2 S2-053 - Remote Code Execution

2021-02-21 14:01:50

Apache Struts2 S2-053 - Remote Code Execution

2021-02-21 15:39:29

cve

CVE-2017-9805

2017-09-15 19:29:00

impervablog

How Reputation Intelligence Improves Application Security

2017-11-13 16:30:38

RedisWannaMine Unveiled: New Cryptojacking Attack Powered by Redis and NSA Exploits

2018-03-08 18:45:38

The State of Web Application Vulnerabilities in 2017

2017-12-28 17:20:47

cloudfoundry

CVE-2017-9805: Apache Struts Remote Code Execution | Cloud Foundry

2017-09-08 00:00:00

checkpoint_advisories

Apache Struts REST Plugin XStream Deserialization Remote Code Execution (CVE-2017-9805)

2017-09-06 00:00:00

saint

Apache Struts REST plugin XStream deserialization vulnerability

2017-09-08 00:00:00

Apache Struts REST plugin XStream deserialization vulnerability

2017-09-08 00:00:00

Apache Struts REST plugin XStream deserialization vulnerability

2017-09-08 00:00:00

attackerkb

CVE-2017-9805

2017-09-15 00:00:00

CVE-2017-9791

2017-07-10 00:00:00

github

REST Plugin in Apache Struts uses an XStreamHandler with an instance of XStream for deserialization without any type filtering

2018-10-16 19:37:56

The GitHub Security Lab’s journey to disclosing 500 CVEs in open source projects

2023-09-21 20:56:46

cvelist

CVE-2017-9805

2017-09-15 19:00:00

K84144321 : Apache Struts vulnerability CVE-2017-9805

2017-09-06 00:00:00

seebug

Apache Struts2 S2-052 (CVE-2017-9805)

2017-09-06 00:00:00

dsquare

Apache Struts REST Plugin XStream RCE

2018-04-20 00:00:00

cisa

Oracle Patches Apache Vulnerabilities

2017-09-25 00:00:00

osv

REST Plugin in Apache Struts uses an XStreamHandler with an instance of XStream for deserialization without any type filtering

2018-10-16 19:37:56

The REST Plugin in Apache Struts is using an outdated XStream library

2018-10-16 19:37:22

Apache Struts Improper Input Validation vulnerability

2018-10-16 19:36:43

nvd

CVE-2017-9805

2017-09-15 19:29:00

cert

Apache Struts 2 framework REST plugin insecurely deserializes untrusted XML data

2017-09-06 00:00:00

nessus

Apache Struts 2 REST Plugin XStream XML Request Deserialization RCE

2017-09-06 00:00:00

MySQL Enterprise Monitor 3.2.x < 3.2.9.2249 / 3.3.x < 3.3.5.3292 / 3.4.x < 3.4.3.4225 Multiple Vulnerabilities (October 2017 CPU)

2017-09-28 00:00:00

Apache Struts 2.1.x >= 2.1.2 / 2.2.x / 2.3.x < 2.3.34 / 2.5.x < 2.5.13 Multiple Vulnerabilities (S2-050 - S2-053)

2017-09-05 00:00:00

packetstorm

Apache Struts 2.5.12 XStream Remote Code Execution

2017-09-07 00:00:00

Apache Struts 2 REST Plugin XStream Remote Code Execution

2017-09-07 00:00:00

openvas

Apache Struts Security Update (S2-052) - Active Check

2017-09-07 00:00:00

Apache Struts Security Update (S2-051, S2-052) - Version Check

2019-08-28 00:00:00

trendmicroblog

TippingPoint Threat Intelligence and Zero-Day Coverage – Week of September 4, 2017

2017-09-08 14:23:58

exploitpack

Apache Struts 2.5 2.5.12 - REST Plugin XStream Remote Code Execution

2017-09-06 00:00:00

prion

Deserialization of untrusted data

2017-09-15 19:29:00

thn

Critical Flaw in Apache Struts2 Lets Hackers Take Over Web Servers

2017-09-05 07:40:00

Equifax Suffered Data Breach After It Failed to Patch Old Apache Struts Flaw

2017-09-13 21:38:00

New Apache Struts RCE Flaw Lets Hackers Take Over Web Servers

2018-08-22 14:04:00

redhatcve

CVE-2017-9805

2017-09-05 14:19:21

ubuntucve

CVE-2017-9805

2017-09-15 00:00:00

cisa_kev

Apache Struts Deserialization of Untrusted Data Vulnerability

2021-11-03 00:00:00

myhack58

Apache Struts2–052 vulnerability research alert-vulnerability warning-the black bar safety net

2017-09-06 00:00:00

exploitdb

Apache Struts 2.5 < 2.5.12 - REST Plugin XStream Remote Code Execution

2017-09-06 00:00:00

threatpost

Apache Struts 2 Flaw Uncovered: ‘More Critical Than Equifax Bug’

2018-08-23 16:46:57

Equifax Confirms March Struts Vulnerability Behind Breach

2017-09-14 16:00:34

Apache Foundation Refutes Involvement in Equifax Breach

2017-09-11 15:02:31

talosblog

Another Apache Struts Vulnerability Under Active Exploitation

2017-09-07 15:42:00

2018 in Snort Rules

2019-02-06 08:19:00

pentestit

S2-052: Apache Struts2 REST Plugin Payloads (CVE-2017-9805)

2017-09-07 05:33:35

cisco

Multiple Vulnerabilities in Apache Struts 2 Affecting Cisco Products: September 2017

2017-09-07 21:00:00

ibm

Security Bulletin: IBM OpenPages GRC Platform Web Applications are NOT vulnerable to (CVE-2017-9805 , CVE-2017-9804, CVE-2017-9793)

2018-06-15 23:48:02

fortinet

Apache Struts RCE Vulnerability

2017-09-29 00:00:00

kitploit

Sn1per v5.0 - Automated Pentest Recon Scanner

2018-07-05 13:45:00

Sn1per v6.0 - Automated Pentest Framework For Offensive Security Experts

2018-11-24 12:43:00

Sn1per v7.0 - Automated Pentest Framework For Offensive Security Experts

2019-05-12 13:09:00

qualysblog

Managing CISA Known Exploited Vulnerabilities with Qualys VMDR

2022-02-23 05:39:00

oracle

Oracle Critical Patch Update - October 2017

2017-10-17 00:00:00

Solutions

Vulnerabilities intelligence
Perimeter control tool
Linux scanner
Windows scanner
Developers SDK
Security Intelligence feeds

Database

Vulnerabilities
Exploits
Security News
BugBounty
Wild Exploited
Top Vulnerabilities
CVE Feed

Resources

Statics & Sources
Plugins
API docs
FAQ
Blog
Glossary

Company

About
Contacts
Pricing
EULA
Privacy Policy
Submission Policy
OpenSource

@2024 Vulners Inc

7.6 High

AI Score

Confidence

Low

0.975 High

EPSS

Percentile

100.0%

JSON

Related for OSV:CVE-2017-9805