Apache Struts: CVE-2017-9805: Possible Remote Code Execution attack using REST plugin

Severity: 7
CVSS: (AV:N/AC:M/Au:N/C:P/I:P/A:P)
Published: September 04, 2017
Added: September 05, 2017
Modified: October 31, 2017

Description

The REST Plugin in Apache Struts 2.1.2 through 2.3.x before 2.3.34 and 2.5.x before 2.5.13 uses an XStreamHandler with an instance of XStream for deserialization without any type filtering, which can lead to Remote Code Execution when deserializing XML payloads.

Solution

struts-cve-2017-9805-1