Apache Struts: S2-052 (CVE-2017-9805): Security updates available for Apache Struts

Severity: 7
CVSS: (AV:N/AC:M/Au:N/C:P/I:P/A:P)
Published: September 05, 2017
Added: September 06, 2017
Modified: January 19, 2018

Description

The REST Plugin in Apache Struts 2.1.2 through 2.3.x before 2.3.34 and 2.5.x before 2.5.13 uses an XStreamHandler with an instance of XStream for deserialization without any type filtering, which can lead to Remote Code Execution when deserializing XML payloads.

Solution

apache-struts-upgrade-2_3_34