Back to search

Apache Struts: S2-052 (CVE-2017-9805): Security updates available for Apache Struts

Severity	CVSS	Published	Added	Modified
7	(AV:N/AC:M/Au:N/C:P/I:P/A:P)	September 05, 2017	September 06, 2017	January 19, 2018

Available Exploits

Apache Struts 2 REST Plugin XStream RCE

Description

The REST Plugin in Apache Struts 2.1.2 through 2.3.x before 2.3.34 and 2.5.x before 2.5.13 uses an XStreamHandler with an instance of XStream for deserialization without any type filtering, which can lead to Remote Code Execution when deserializing XML payloads.

Scan For This Vulnerability

Use our top-rated tool to discover, prioritize, and remediate your vulnerabilities

Free InsightVM Trial

References

BID-100609
CERT-VN-112992
CVE-2017-9805
URL: https://cwiki.apache.org/confluence/display/WW/S2-052

Solution

apache-struts-upgrade-2_3_34

Vulnerability & Exploit Database

Apache Struts: S2-052 (CVE-2017-9805): Security updates available for Apache Struts

Available Exploits

Description

Scan For This Vulnerability

References

Solution

Legal

Resources & Help

Connect With Us

Stay in touch:

Quick Cookie Notification

Vulnerability & Exploit Database

Apache Struts: S2-052 (CVE-2017-9805): Security updates available for Apache Struts

Available Exploits

Description

Scan For This Vulnerability

References

Solution

Legal

Resources & Help

Connect With Us

Stay in touch: