struts2-struts1-plugin is vulnerable to remote code execution (RCE) attacks. These attacks are possible because the user input are not sanitized and are directly passed through messages.add() to be used as a part of an error message in the ActionMessage class. This doesn’t affect users of the Struts 2.5.x series or applications that do not use the Struts 1 plugin.

CPENameOperatorVersion
struts 2 showcase webapple2.3.32

CPE	Name	Operator	Version
	struts 2 showcase webapp	le	2.3.32

References

seclists.org/oss-sec/2017/q3/92

struts.apache.org/docs/s2-048.html

www.oracle.com/technetwork/security-advisory/alert-cve-2017-9805-3889403.html

www.securityfocus.com/bid/99484

www.securitytracker.com/id/1038838

github.com/apache/struts/commit/73da12e723c2737bd515946588ddcd898acf584a

github.com/nixawk/labs/issues/8

securingtomorrow.mcafee.com/mcafee-labs/analyzing-cve-2017-9791-apache-struts-vulnerability-can-lead-remote-code-execution/

security.netapp.com/advisory/ntap-20180706-0002/

www.exploit-db.com/exploits/42324/

www.exploit-db.com/exploits/44643/

openvas 2

cve 1

saint 3

f5 1

zdt 2

myhack58 2

checkpoint_advisories 1

cisa_kev 1

nessus 3

exploitpack 1

prion 1

osv 2

ibm 1

cvelist 1

packetstorm 2

dsquare 1

nvd 1

github 1

redhatcve 1

ubuntucve 1

exploitdb 1

nuclei 1

pentestit 1

impervablog 4

attackerkb 1

threatpost 3

cisa 1

kitploit 1

qualysblog 1

openvas

Apache Struts RCE Vulnerability (S2-048) - Version Check

2021-09-16 00:00:00

Apache Struts RCE Vulnerability (S2-048) - Active Check

2017-07-10 00:00:00

cve

CVE-2017-9791

2017-07-10 16:29:00

saint

Apache Struts 2 Struts 1 plugin Showcase OGNL code execution

2018-06-06 00:00:00

Apache Struts 2 Struts 1 plugin Showcase OGNL code execution

2018-06-06 00:00:00

Apache Struts 2 Struts 1 plugin Showcase OGNL code execution

2018-06-06 00:00:00

K23289753 : Apache Struts vulnerability CVE-2017-9791

2017-07-18 00:00:00

zdt

Apache Struts 2 - Struts 1 Plugin Showcase OGNL Code Execution Exploit

2018-05-18 00:00:00

Apache Struts 2.3.x Showcase - Remote Code Execution (PoC) Exploit

2017-07-14 00:00:00

myhack58

struts2 and double 叒叕 a high-risk vulnerability S2-048-the vulnerability warning-the black bar safety net

2017-07-08 00:00:00

Vulnerability warning | bucket pixel technology found in high-risk Struts2 showcase remote code execution vulnerability S2-048-the vulnerability warning-the black bar safety net

2017-07-08 00:00:00

checkpoint_advisories

Apache Struts2 Struts1_Plugin Remote Code Execution (CVE-2017-9791)

2017-07-09 00:00:00

cisa_kev

Apache Struts 1 Improper Input Validation Vulnerability

2022-02-10 00:00:00

nessus

Apache Struts 2.3.x Struts 1 plugin RCE (remote)

2017-09-01 00:00:00

Apache Struts 2.3.x Showcase App Struts 1 Plugin ActionMessage Class Error Message Input Handling RCE (S2-048)

2017-07-11 00:00:00

Oracle WebLogic Server Multiple Vulnerabilities

2017-10-04 00:00:00

exploitpack

Apache Struts 2.3.x Showcase - Remote Code Execution

2017-07-07 00:00:00

prion

Remote code execution

2017-07-10 16:29:00

osv

Code execution in Apache Struts 1 plugin

2022-05-13 01:26:13

CVE-2017-9791

2017-07-10 16:29:00

ibm

Security Bulletin: Apache Struts Vulnerability CVE-2017-9791 will not affect PSS products

2018-06-18 01:37:14

cvelist

CVE-2017-9791

2017-07-07 00:00:00

packetstorm

Apache Struts 2.3.x Showcase Remote Code Execution

2017-07-14 00:00:00

Apache Struts 2 Struts 1 Plugin Showcase OGNL Code Execution

2018-05-16 00:00:00

dsquare

Apache Struts 2 Struts 1 Plugin ActionMessage < 2.3.32 RCE

2017-10-20 00:00:00

nvd

CVE-2017-9791

2017-07-10 16:29:00

github

Code execution in Apache Struts 1 plugin

2022-05-13 01:26:13

redhatcve

CVE-2017-9791

2017-07-10 19:19:45

ubuntucve

CVE-2017-9791

2017-07-10 00:00:00

exploitdb

Apache Struts 2.3.x Showcase - Remote Code Execution

2017-07-07 00:00:00

nuclei

Apache Struts2 S2-053 - Remote Code Execution

2021-02-21 15:39:29

pentestit

S2-052: Apache Struts2 REST Plugin Payloads (CVE-2017-9805)

2017-09-07 05:33:35

impervablog

CVE-2017-9791: Analysis of RCE in the Struts Showcase App in Struts 1 Plugin

2017-07-13 19:12:31

CVE-2017-9805: Analysis of Apache Struts RCE Vulnerability in REST Plugin

2017-09-08 16:10:08

Imperva’s Top 10 Blogs of 2017

2017-12-18 17:43:16

attackerkb

CVE-2017-9791

2017-07-10 00:00:00

threatpost

Apache Security Advisories Red Flag Wrong Versions in Patching Gaffe

2019-08-15 18:41:37

Self-Propagating Lucifer Malware Targets Windows Systems

2020-06-24 21:20:16

Oracle Patches Apache Struts, Reminds Users to Update Equifax Bug

2017-09-26 14:28:26

cisa

CISA Adds 15 Known Exploited Vulnerabilities to Catalog

2022-02-10 00:00:00

kitploit

Vulmap - Web Vulnerability Scanning And Verification Tools

2020-12-25 11:30:00

qualysblog

Managing CISA Known Exploited Vulnerabilities with Qualys VMDR

2022-02-23 05:39:00

Solutions

Vulnerabilities intelligence
Perimeter control tool
Linux scanner
Windows scanner
Developers SDK
Security Intelligence feeds

Database

Vulnerabilities
Exploits
Security News
BugBounty
Wild Exploited
Top Vulnerabilities
CVE Feed

Resources

Statics & Sources
Plugins
API docs
FAQ
Blog
Glossary

Company

About
Contacts
Pricing
EULA
Privacy Policy
Submission Policy
OpenSource

@2024 Vulners Inc

0.974 High

EPSS

Percentile

100.0%

JSON

Related for VERACODE:4553