Lucene search
GoogleOSV:GHSA-VWXJ-6M5M-RRVHHistoryOct 16, 2018 - 7:37 p.m.
The REST Plugin in Apache Struts is using an outdated XStream library
2018-10-1619:37:22
Google
osv.dev
9
0.975 High
EPSS
Percentile
100.0%
The REST Plugin in Apache Struts 2.3.7 through 2.3.33 and 2.5 through 2.5.12 is using an outdated XStream library which is vulnerable and allow perform a DoS attack using malicious request with specially crafted XML payload.
References
www.brocade.com/content/dam/common/documents/content-types/security-bulletin/brocade-security-advisory-2017-429.htm
www.oracle.com/technetwork/security-advisory/alert-cve-2017-9805-3889403.html
www.securityfocus.com/bid/100611
www.securitytracker.com/id/1039262
github.com/advisories/GHSA-vwxj-6m5m-rrvh
nvd.nist.gov/vuln/detail/CVE-2017-9793
security.netapp.com/advisory/ntap-20180629-0001
struts.apache.org/docs/s2-051.html
tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170907-struts2
Related
osv
osv
CVE-2017-9793
2017-09-20 17:29:00
REST Plugin in Apache Struts uses an XStreamHandler with an instance of XStream for deserialization without any type filtering
2018-10-16 19:37:56
CVE-2017-9805
2017-09-15 19:29:00
openvas
openvas
Apache Struts Security Update (S2-051, S2-052) - Version Check
2019-08-28 00:00:00
Apache Struts Security Update (S2-052) - Active Check
2017-09-07 00:00:00
Apache Struts DoS Vulnerability (S2-051) - Linux
2019-08-28 00:00:00
cisco
cisco
ibm
ibm
fortinet
fortinet
Apache Struts RCE Vulnerability
2017-09-29 00:00:00
nessus
nessus
Apache Struts 2.1.x >= 2.1.2 / 2.2.x / 2.3.x < 2.3.34 / 2.5.x < 2.5.13 Multiple Vulnerabilities (S2-050 - S2-053)
2017-09-05 00:00:00
Apache Struts 2 REST Plugin XStream XML Request Deserialization RCE
2017-09-06 00:00:00
Oracle WebLogic Server Multiple Vulnerabilities
2017-10-04 00:00:00
cisa
cisa
Oracle Patches Apache Vulnerabilities
2017-09-25 00:00:00
nvd
nvd
CVE-2017-9805
2017-09-15 19:29:00
CVE-2017-9793
2017-09-20 17:29:00
dsquare
dsquare
Apache Struts REST Plugin XStream RCE
2018-04-20 00:00:00
f5
f5
K84144321 : Apache Struts vulnerability CVE-2017-9805
2017-09-06 00:00:00
K12542008 : Apache Struts vulnerabilities CVE-2017-9793 and CVE-2017-9804
2017-09-08 00:00:00
seebug
seebug
Apache Struts2 S2-052 (CVE-2017-9805)
2017-09-06 00:00:00
github
github
redhatcve
redhatcve
CVE-2017-9793
2017-09-05 13:48:46
CVE-2017-9805
2017-09-05 14:19:21
trendmicroblog
trendmicroblog
packetstorm
packetstorm
Apache Struts 2 REST Plugin XStream Remote Code Execution
2017-09-07 00:00:00
Apache Struts 2.5.12 XStream Remote Code Execution
2017-09-07 00:00:00
cert
cert
exploitpack
exploitpack
Apache Struts 2.5 2.5.12 - REST Plugin XStream Remote Code Execution
2017-09-06 00:00:00
prion
prion
Deserialization of untrusted data
2017-09-15 19:29:00
Design/Logic Flaw
2017-09-20 17:29:00
saint
saint
Apache Struts REST plugin XStream deserialization vulnerability
2017-09-08 00:00:00
Apache Struts REST plugin XStream deserialization vulnerability
2017-09-08 00:00:00
Apache Struts REST plugin XStream deserialization vulnerability
2017-09-08 00:00:00
zdt
zdt
Apache Struts 2.5 - Remote Code Execution Exploit
2017-09-07 00:00:00
cve
cve
CVE-2017-9793
2017-09-20 17:29:00
CVE-2017-9805
2017-09-15 19:29:00
thn
thn
Apache Struts 2 Flaws Affect Multiple Cisco Products
2017-09-11 23:50:00
Critical Flaw in Apache Struts2 Lets Hackers Take Over Web Servers
2017-09-05 07:40:00
Equifax Suffered Data Breach After It Failed to Patch Old Apache Struts Flaw
2017-09-13 21:38:00
cisa_kev
cisa_kev
Apache Struts Deserialization of Untrusted Data Vulnerability
2021-11-03 00:00:00
impervablog
impervablog
RedisWannaMine Unveiled: New Cryptojacking Attack Powered by Redis and NSA Exploits
2018-03-08 18:45:38
How Reputation Intelligence Improves Application Security
2017-11-13 16:30:38
The State of Web Application Vulnerabilities in 2017
2017-12-28 17:20:47
ubuntucve
ubuntucve
CVE-2017-9805
2017-09-15 00:00:00
CVE-2017-9793
2017-09-20 00:00:00
myhack58
myhack58
checkpoint_advisories
checkpoint_advisories
Apache Struts2 REST Plugin XStream DoS (CVE-2017-9793) - Ver2
2018-04-11 00:00:00
Apache Struts REST Plugin XStream Deserialization Remote Code Execution (CVE-2017-9805)
2017-09-06 00:00:00
Apache Struts 2 REST Plugin XStream Denial of Service (CVE-2017-9793)
2017-09-18 00:00:00
nuclei
nuclei
Apache Struts2 S2-052 - Remote Code Execution
2021-02-21 14:01:07
Apache Struts2 S2-053 - Remote Code Execution
2021-02-21 15:39:29
Apache Struts2 S2-053 - Remote Code Execution
2021-02-21 14:01:50
metasploit
metasploit
Apache Struts 2 REST Plugin XStream RCE
2017-09-08 00:30:48
attackerkb
attackerkb
CVE-2017-9805
2017-09-15 00:00:00
CVE-2017-9791
2017-07-10 00:00:00
cvelist
cvelist
CVE-2017-9805
2017-09-15 19:00:00
CVE-2017-9793
2017-09-05 00:00:00
cloudfoundry
cloudfoundry
CVE-2017-9805: Apache Struts Remote Code Execution | Cloud Foundry
2017-09-08 00:00:00
exploitdb
exploitdb
Apache Struts 2.5 < 2.5.12 - REST Plugin XStream Remote Code Execution
2017-09-06 00:00:00
talosblog
talosblog
Another Apache Struts Vulnerability Under Active Exploitation
2017-09-07 15:42:00
2018 in Snort Rules
2019-02-06 08:19:00
threatpost
threatpost
Apache Foundation Refutes Involvement in Equifax Breach
2017-09-11 15:02:31
Apache Struts 2 Flaw Uncovered: βMore Critical Than Equifax Bugβ
2018-08-23 16:46:57
Equifax Confirms March Struts Vulnerability Behind Breach
2017-09-14 16:00:34
pentestit
pentestit
S2-052: Apache Struts2 REST Plugin Payloads (CVE-2017-9805)
2017-09-07 05:33:35
veracode
veracode
Denial Of Service (DoS)
2017-09-05 23:07:18
kitploit
kitploit
Sn1per v5.0 - Automated Pentest Recon Scanner
2018-07-05 13:45:00
Sn1per v6.0 - Automated Pentest Framework For Offensive Security Experts
2018-11-24 12:43:00
Sn1per v7.0 - Automated Pentest Framework For Offensive Security Experts
2019-05-12 13:09:00
qualysblog
qualysblog
Managing CISA Known Exploited Vulnerabilities with Qualys VMDR
2022-02-23 05:39:00
oracle
oracle
Oracle Critical Patch Update - October 2017
2017-10-17 00:00:00