Apache Struts: CVE-2017-9805: Possible Remote Code Execution attack using REST plugin

Severity: 7
CVSS: (AV:N/AC:M/Au:N/C:P/I:P/A:P)
Published: September 04, 2017
Added: September 05, 2017
Modified: November 30, 2017

The REST Plugin in Apache Struts 2.1.2 through 2.3.x before 2.3.34 and 2.5.x before 2.5.13 uses an XStreamHandler with an instance of XStream for deserialization without any type filtering, which can lead to Remote Code Execution when deserializing XML payloads.
