Vulnerability-Lookup

CVE-2017-9793 (GCVE-0-2017-9793)

Vulnerability from cvelistv5 – Published: 2017-09-20 17:00 – Updated: 2024-09-16 20:12

Summary

The REST Plugin in Apache Struts 2.1.x, 2.3.7 through 2.3.33 and 2.5 through 2.5.12 is using an outdated XStream library which is vulnerable and allow perform a DoS attack using malicious request with specially crafted XML payload.

Severity ?

No CVSS data available.

CWE

A remote attacker may create a DoS attack by sending crafted xml request when using the Struts REST plugin

Assigner

apache

References

URL

	Vendor	Product	Version
	Apache Software Foundation	Apache Struts	Affected: 2.3.7 - 2.3.33 Affected: 2.5 - 2.5.12 Affected: 2.1.x series

CNVD-2017-31532

Vulnerability from cnvd - Published: 2017-10-26

Title

Apache Struts REST插件拒绝服务漏洞

Description

Apache Struts是美国阿帕奇（Apache）软件基金会负责维护的一个开源项目，是一套用于创建企业级Java Web应用的开源MVC框架。Apache Struts 2是Apache Struts的下一代产品，是在Struts 1和WebWork的技术基础上进行了合并的全新Struts 2框架。REST plugin是其中的一个处理传入URL请求的插件。 Apache Struts 2.3.7版本至2.3.33版本和2.5版本和2.5.12版本中的REST Plugin存在安全漏洞。攻击者可借助带有特制XML载荷的恶意请求利用该漏洞造成拒绝服务。

Severity

中

Patch Name

Apache Struts REST插件拒绝服务漏洞的补丁

Patch Description

Formal description

厂商已发布漏洞修复程序，请及时关注更新： http://struts.apache.org/docs/s2-051.html

Reference

http://securitytracker.com/id/1039262

Impacted products

Name
['Apache Software Foundation Struts 2 >=2.3.7，<=2.3.33', 'Apache Software Foundation Struts 2 >=2.5，<=2.5.12', 'Apache struts >=2.3.7，<=2.3.33', 'Apache struts >=2.5，<=2.5.12']

Show details on source website

JSON

To clipboard

{
  "bids": {
    "bid": {
      "bidNumber": "100611"
    }
  },
  "cves": {
    "cve": {
      "cveNumber": "CVE-2017-9793"
    }
  },
  "description": "Apache Struts\u662f\u7f8e\u56fd\u963f\u5e15\u5947\uff08Apache\uff09\u8f6f\u4ef6\u57fa\u91d1\u4f1a\u8d1f\u8d23\u7ef4\u62a4\u7684\u4e00\u4e2a\u5f00\u6e90\u9879\u76ee\uff0c\u662f\u4e00\u5957\u7528\u4e8e\u521b\u5efa\u4f01\u4e1a\u7ea7Java Web\u5e94\u7528\u7684\u5f00\u6e90MVC\u6846\u67b6\u3002Apache Struts 2\u662fApache Struts\u7684\u4e0b\u4e00\u4ee3\u4ea7\u54c1\uff0c\u662f\u5728Struts 1\u548cWebWork\u7684\u6280\u672f\u57fa\u7840\u4e0a\u8fdb\u884c\u4e86\u5408\u5e76\u7684\u5168\u65b0Struts 2\u6846\u67b6\u3002REST plugin\u662f\u5176\u4e2d\u7684\u4e00\u4e2a\u5904\u7406\u4f20\u5165URL\u8bf7\u6c42\u7684\u63d2\u4ef6\u3002\r\n\r\nApache Struts 2.3.7\u7248\u672c\u81f32.3.33\u7248\u672c\u548c2.5\u7248\u672c\u548c2.5.12\u7248\u672c\u4e2d\u7684REST Plugin\u5b58\u5728\u5b89\u5168\u6f0f\u6d1e\u3002\u653b\u51fb\u8005\u53ef\u501f\u52a9\u5e26\u6709\u7279\u5236XML\u8f7d\u8377\u7684\u6076\u610f\u8bf7\u6c42\u5229\u7528\u8be5\u6f0f\u6d1e\u9020\u6210\u62d2\u7edd\u670d\u52a1\u3002",
  "discovererName": "Huijun Chen, and Xiaolong Zhu",
  "formalWay": "\u5382\u5546\u5df2\u53d1\u5e03\u6f0f\u6d1e\u4fee\u590d\u7a0b\u5e8f\uff0c\u8bf7\u53ca\u65f6\u5173\u6ce8\u66f4\u65b0\uff1a\r\nhttp://struts.apache.org/docs/s2-051.html",
  "isEvent": "\u901a\u7528\u8f6f\u786c\u4ef6\u6f0f\u6d1e",
  "number": "CNVD-2017-31532",
  "openTime": "2017-10-26",
  "patchDescription": "Apache Struts\u662f\u7f8e\u56fd\u963f\u5e15\u5947\uff08Apache\uff09\u8f6f\u4ef6\u57fa\u91d1\u4f1a\u8d1f\u8d23\u7ef4\u62a4\u7684\u4e00\u4e2a\u5f00\u6e90\u9879\u76ee\uff0c\u662f\u4e00\u5957\u7528\u4e8e\u521b\u5efa\u4f01\u4e1a\u7ea7Java Web\u5e94\u7528\u7684\u5f00\u6e90MVC\u6846\u67b6\u3002Apache Struts 2\u662fApache Struts\u7684\u4e0b\u4e00\u4ee3\u4ea7\u54c1\uff0c\u662f\u5728Struts 1\u548cWebWork\u7684\u6280\u672f\u57fa\u7840\u4e0a\u8fdb\u884c\u4e86\u5408\u5e76\u7684\u5168\u65b0Struts 2\u6846\u67b6\u3002REST plugin\u662f\u5176\u4e2d\u7684\u4e00\u4e2a\u5904\u7406\u4f20\u5165URL\u8bf7\u6c42\u7684\u63d2\u4ef6\u3002\r\n\r\nApache Struts 2.3.7\u7248\u672c\u81f32.3.33\u7248\u672c\u548c2.5\u7248\u672c\u548c2.5.12\u7248\u672c\u4e2d\u7684REST Plugin\u5b58\u5728\u5b89\u5168\u6f0f\u6d1e\u3002\u653b\u51fb\u8005\u53ef\u501f\u52a9\u5e26\u6709\u7279\u5236XML\u8f7d\u8377\u7684\u6076\u610f\u8bf7\u6c42\u5229\u7528\u8be5\u6f0f\u6d1e\u9020\u6210\u62d2\u7edd\u670d\u52a1\u3002\u76ee\u524d\uff0c\u4f9b\u5e94\u5546\u53d1\u5e03\u4e86\u5b89\u5168\u516c\u544a\u53ca\u76f8\u5173\u8865\u4e01\u4fe1\u606f\uff0c\u4fee\u590d\u4e86\u6b64\u6f0f\u6d1e\u3002",
  "patchName": "Apache Struts REST\u63d2\u4ef6\u62d2\u7edd\u670d\u52a1\u6f0f\u6d1e\u7684\u8865\u4e01",
  "products": {
    "product": [
      "Apache Software Foundation Struts 2 \u003e=2.3.7\uff0c\u003c=2.3.33",
      "Apache Software Foundation Struts 2 \u003e=2.5\uff0c\u003c=2.5.12",
      "Apache struts \u003e=2.3.7\uff0c\u003c=2.3.33",
      "Apache struts \u003e=2.5\uff0c\u003c=2.5.12"
    ]
  },
  "referenceLink": "http://securitytracker.com/id/1039262",
  "serverity": "\u4e2d",
  "submitTime": "2017-09-06",
  "title": "Apache Struts REST\u63d2\u4ef6\u62d2\u7edd\u670d\u52a1\u6f0f\u6d1e"
}

GHSA-VWXJ-6M5M-RRVH

Vulnerability from github – Published: 2018-10-16 19:37 – Updated: 2022-04-26 19:02

Summary

The REST Plugin in Apache Struts is using an outdated XStream library

Details

The REST Plugin in Apache Struts 2.3.7 through 2.3.33 and 2.5 through 2.5.12 is using an outdated XStream library which is vulnerable and allow perform a DoS attack using malicious request with specially crafted XML payload.

Severity ?

7.5 (High)


                  
                    CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

Show details on source website

JSON

To clipboard

{
  "affected": [
    {
      "package": {
        "ecosystem": "Maven",
        "name": "org.apache.struts:struts2-rest-plugin"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "0"
            },
            {
              "fixed": "2.3.34"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    },
    {
      "database_specific": {
        "last_known_affected_version_range": "\u003c= 2.5.12"
      },
      "package": {
        "ecosystem": "Maven",
        "name": "org.apache.struts:struts2-rest-plugin"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "2.5.0"
            },
            {
              "fixed": "2.5.13"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    }
  ],
  "aliases": [
    "CVE-2017-9793"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-20"
    ],
    "github_reviewed": true,
    "github_reviewed_at": "2020-06-16T21:58:41Z",
    "nvd_published_at": null,
    "severity": "HIGH"
  },
  "details": "The REST Plugin in Apache Struts 2.3.7 through 2.3.33 and 2.5 through 2.5.12 is using an outdated XStream library which is vulnerable and allow perform a DoS attack using malicious request with specially crafted XML payload.",
  "id": "GHSA-vwxj-6m5m-rrvh",
  "modified": "2022-04-26T19:02:10Z",
  "published": "2018-10-16T19:37:22Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2017-9793"
    },
    {
      "type": "ADVISORY",
      "url": "https://github.com/advisories/GHSA-vwxj-6m5m-rrvh"
    },
    {
      "type": "WEB",
      "url": "https://security.netapp.com/advisory/ntap-20180629-0001"
    },
    {
      "type": "WEB",
      "url": "https://struts.apache.org/docs/s2-051.html"
    },
    {
      "type": "WEB",
      "url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170907-struts2"
    },
    {
      "type": "WEB",
      "url": "http://www.brocade.com/content/dam/common/documents/content-types/security-bulletin/brocade-security-advisory-2017-429.htm"
    },
    {
      "type": "WEB",
      "url": "http://www.oracle.com/technetwork/security-advisory/alert-cve-2017-9805-3889403.html"
    },
    {
      "type": "WEB",
      "url": "http://www.securityfocus.com/bid/100611"
    },
    {
      "type": "WEB",
      "url": "http://www.securitytracker.com/id/1039262"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
      "type": "CVSS_V3"
    }
  ],
  "summary": "The REST Plugin in Apache Struts is using an outdated XStream library"
}

CERTFR-2019-AVI-403

Vulnerability from certfr_avis - Published: 2019-08-20 - Updated: 2019-08-20

De multiples vulnérabilités ont été découvertes dans Apache Struts. Certaines d'entre elles permettent à un attaquant de provoquer une exécution de code arbitraire à distance, un déni de service à distance et un contournement de la politique de sécurité.

Solution

Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).

None

Impacted products

	Vendor	Product	Description
	Apache	Struts	Apache Struts versions antérieures à 2.5.17
	Apache	Struts	Apache Struts versions antérieures à 2.3.35

References

Title

Publication Time

GSD-2017-9793

Vulnerability from gsd - Updated: 2023-12-13 01:21

Details

Aliases

CVE-2017-9793

Aliases

CVE-2017-9793

JSON

To clipboard

{
  "GSD": {
    "alias": "CVE-2017-9793",
    "description": "The REST Plugin in Apache Struts 2.1.x, 2.3.7 through 2.3.33 and 2.5 through 2.5.12 is using an outdated XStream library which is vulnerable and allow perform a DoS attack using malicious request with specially crafted XML payload.",
    "id": "GSD-2017-9793",
    "references": [
      "https://www.suse.com/security/cve/CVE-2017-9793.html"
    ]
  },
  "gsd": {
    "metadata": {
      "exploitCode": "unknown",
      "remediation": "unknown",
      "reportConfidence": "confirmed",
      "type": "vulnerability"
    },
    "osvSchema": {
      "aliases": [
        "CVE-2017-9793"
      ],
      "details": "The REST Plugin in Apache Struts 2.1.x, 2.3.7 through 2.3.33 and 2.5 through 2.5.12 is using an outdated XStream library which is vulnerable and allow perform a DoS attack using malicious request with specially crafted XML payload.",
      "id": "GSD-2017-9793",
      "modified": "2023-12-13T01:21:07.775370Z",
      "schema_version": "1.4.0"
    }
  },
  "namespaces": {
    "cve.org": {
      "CVE_data_meta": {
        "ASSIGNER": "security@apache.org",
        "DATE_PUBLIC": "2017-09-05T00:00:00",
        "ID": "CVE-2017-9793",
        "STATE": "PUBLIC"
      },
      "affects": {
        "vendor": {
          "vendor_data": [
            {
              "product": {
                "product_data": [
                  {
                    "product_name": "Apache Struts",
                    "version": {
                      "version_data": [
                        {
                          "version_value": "2.3.7 - 2.3.33"
                        },
                        {
                          "version_value": "2.5 - 2.5.12"
                        },
                        {
                          "version_value": "2.1.x series"
                        }
                      ]
                    }
                  }
                ]
              },
              "vendor_name": "Apache Software Foundation"
            }
          ]
        }
      },
      "data_format": "MITRE",
      "data_type": "CVE",
      "data_version": "4.0",
      "description": {
        "description_data": [
          {
            "lang": "eng",
            "value": "The REST Plugin in Apache Struts 2.1.x, 2.3.7 through 2.3.33 and 2.5 through 2.5.12 is using an outdated XStream library which is vulnerable and allow perform a DoS attack using malicious request with specially crafted XML payload."
          }
        ]
      },
      "problemtype": {
        "problemtype_data": [
          {
            "description": [
              {
                "lang": "eng",
                "value": "A remote attacker may create a DoS attack by sending crafted xml request when using the Struts REST plugin"
              }
            ]
          }
        ]
      },
      "references": {
        "reference_data": [
          {
            "name": "http://www.oracle.com/technetwork/security-advisory/alert-cve-2017-9805-3889403.html",
            "refsource": "CONFIRM",
            "url": "http://www.oracle.com/technetwork/security-advisory/alert-cve-2017-9805-3889403.html"
          },
          {
            "name": "1039262",
            "refsource": "SECTRACK",
            "url": "http://www.securitytracker.com/id/1039262"
          },
          {
            "name": "20170907 Multiple Vulnerabilities in Apache Struts 2 Affecting Cisco Products: September 2017",
            "refsource": "CISCO",
            "url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170907-struts2"
          },
          {
            "name": "http://www.brocade.com/content/dam/common/documents/content-types/security-bulletin/brocade-security-advisory-2017-429.htm",
            "refsource": "CONFIRM",
            "url": "http://www.brocade.com/content/dam/common/documents/content-types/security-bulletin/brocade-security-advisory-2017-429.htm"
          },
          {
            "name": "https://security.netapp.com/advisory/ntap-20180629-0001/",
            "refsource": "CONFIRM",
            "url": "https://security.netapp.com/advisory/ntap-20180629-0001/"
          },
          {
            "name": "https://struts.apache.org/docs/s2-051.html",
            "refsource": "CONFIRM",
            "url": "https://struts.apache.org/docs/s2-051.html"
          },
          {
            "name": "100611",
            "refsource": "BID",
            "url": "http://www.securityfocus.com/bid/100611"
          }
        ]
      }
    },
    "gitlab.com": {
      "advisories": [
        {
          "affected_range": "[2.3-alpha0,2.3.33],[2.3.7,2.4-alpha0),[2.5-alpha0,2.5.12]",
          "affected_versions": "All versions starting from 2.3-alpha0 up to 2.3.33, all versions starting from 2.3.7 before 2.4-alpha0, all versions starting from 2.5-alpha0 up to 2.5.12",
          "cvss_v2": "AV:N/AC:L/Au:N/C:N/I:N/A:P",
          "cvss_v3": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
          "cwe_ids": [
            "CWE-1035",
            "CWE-20",
            "CWE-937"
          ],
          "date": "2019-08-12",
          "description": "The REST Plugin in this package is using an outdated XStream library which is vulnerable and allow perform a DoS attack using malicious request with specially crafted XML payload.",
          "fixed_versions": [
            "2.5.13"
          ],
          "identifier": "CVE-2017-9793",
          "identifiers": [
            "CVE-2017-9793"
          ],
          "not_impacted": "All versions before 2.3-alpha0, all versions after 2.3.33, all versions before 2.3.7, all versions starting from 2.5.12",
          "package_slug": "maven/org.apache.struts/struts2-core",
          "pubdate": "2017-09-20",
          "solution": "Upgrade to version 2.5.13 or above.",
          "title": "DoS attack via crafted XML payload processed by REST Plugin using XStream library",
          "urls": [
            "https://access.redhat.com/security/cve/CVE-2017-9793",
            "https://struts.apache.org/docs/s2-051.html"
          ],
          "uuid": "4a2e48f6-b027-4d58-9b90-3d7269706013"
        },
        {
          "affected_range": "[2.3.7,2.3.14.3],[2.3.15,2.3.15.3],[2.3.16,2.3.16.3], [2.3.17],[2.3.19,2.3.20.2],[2.3.21,2.3.23],[2.3.24.2,2.3.24.3], [2.3.25,2.3.28.1],[2.3.29,2.3.33],[2.5,2.5.10.1],[2.5.12]",
          "affected_versions": "All versions starting from 2.3.7 up to 2.3.14.3, all versions starting from 2.3.15 up to 2.3.15.3, all versions starting from 2.3.16 up to 2.3.16.3, version 2.3.17, all versions starting from 2.3.19 up to 2.3.20.2, all versions starting from 2.3.21 up to 2.3.23, all versions starting from 2.3.24.2 up to 2.3.24.3, all versions starting from 2.3.25 up to 2.3.28.1, all versions starting from 2.3.29 up to 2.3.33, all versions starting from 2.5 up to 2.5.10.1, version 2.5.12",
          "cvss_v2": "AV:N/AC:L/Au:N/C:N/I:N/A:P",
          "cvss_v3": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
          "cwe_ids": [
            "CWE-1035",
            "CWE-20",
            "CWE-937"
          ],
          "date": "2019-08-12",
          "description": "The REST Plugin in Apache Struts uses an outdated XStream library which is vulnerable and allow to perform a DoS attack using malicious request with specially crafted XML payload.",
          "fixed_versions": [
            "2.3.20.3",
            "2.3.24",
            "2.3.34",
            "2.5.13"
          ],
          "identifier": "CVE-2017-9793",
          "identifiers": [
            "CVE-2017-9793"
          ],
          "not_impacted": "All versions before 2.3.7, all versions after 2.3.14.3 before 2.3.15, all versions after 2.3.15.3 before 2.3.16, all versions after 2.3.16.3 before 2.3.17, all versions after 2.3.17 before 2.3.19, all versions after 2.3.20.2 before 2.3.21, all versions after 2.3.23 before 2.3.24.2, all versions after 2.3.24.3 before 2.3.25, all versions after 2.3.28.1 before 2.3.29, all versions after 2.3.33 before 2.5, all versions after 2.5.10.1 before 2.5.12, all versions after 2.5.12",
          "package_slug": "maven/org.apache.struts/struts2-rest-plugin",
          "pubdate": "2017-09-20",
          "solution": "Upgrade to versions 2.3.20.3, 2.3.24, 2.3.34, 2.5.13 or above.",
          "title": "Improper Input Validation",
          "urls": [
            "https://nvd.nist.gov/vuln/detail/CVE-2017-9793",
            "http://www.securityfocus.com/bid/100611",
            "http://www.securitytracker.com/id/1039262",
            "https://struts.apache.org/docs/s2-051.html"
          ],
          "uuid": "eab7698b-3646-4daf-bc76-80f433e74281"
        }
      ]
    },
    "nvd.nist.gov": {
      "configurations": {
        "CVE_data_version": "4.0",
        "nodes": [
          {
            "children": [],
            "cpe_match": [
              {
                "cpe23Uri": "cpe:2.3:a:apache:struts:2.5.10.1:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:apache:struts:2.3.12:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:apache:struts:2.3.13:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:apache:struts:2.3.15.2:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:apache:struts:2.3.15.3:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:apache:struts:2.3.16:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:apache:struts:2.3.20.1:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:apache:struts:2.3.20.2:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:apache:struts:2.3.26:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:apache:struts:2.3.27:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:apache:struts:2.5:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:apache:struts:2.5:beta1:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:apache:struts:2.5.5:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:apache:struts:2.5.6:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:apache:struts:2.3.8:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:apache:struts:2.3.9:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:apache:struts:2.3.14.2:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:apache:struts:2.3.14.3:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:apache:struts:2.3.16.3:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:apache:struts:2.3.17:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:apache:struts:2.3.23:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:apache:struts:2.3.24.2:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:apache:struts:2.3.29:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:apache:struts:2.3.30:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:apache:struts:2.5.1:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:apache:struts:2.5.2:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:apache:struts:2.5.9:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:apache:struts:2.5.10:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:apache:struts:2.5.12:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:apache:struts:2.3.7:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:apache:struts:2.3.14:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:apache:struts:2.3.14.1:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:apache:struts:2.3.16.1:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:apache:struts:2.3.16.2:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:apache:struts:2.3.21:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:apache:struts:2.3.22:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:apache:struts:2.3.28:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:apache:struts:2.3.28.1:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:apache:struts:2.5:beta2:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:apache:struts:2.5:beta3:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:apache:struts:2.5.7:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:apache:struts:2.5.8:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:apache:struts:2.3.10:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:apache:struts:2.3.11:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:apache:struts:2.3.15:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:apache:struts:2.3.15.1:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:apache:struts:2.3.19:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:apache:struts:2.3.20:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:apache:struts:2.3.24.3:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:apache:struts:2.3.25:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:apache:struts:2.3.31:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:apache:struts:2.3.32:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:apache:struts:2.3.33:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:apache:struts:2.5.3:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:apache:struts:2.5.4:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              }
            ],
            "operator": "OR"
          }
        ]
      },
      "cve": {
        "CVE_data_meta": {
          "ASSIGNER": "security@apache.org",
          "ID": "CVE-2017-9793"
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "en",
              "value": "The REST Plugin in Apache Struts 2.1.x, 2.3.7 through 2.3.33 and 2.5 through 2.5.12 is using an outdated XStream library which is vulnerable and allow perform a DoS attack using malicious request with specially crafted XML payload."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "en",
                  "value": "CWE-20"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "https://struts.apache.org/docs/s2-051.html",
              "refsource": "CONFIRM",
              "tags": [
                "Patch",
                "Vendor Advisory"
              ],
              "url": "https://struts.apache.org/docs/s2-051.html"
            },
            {
              "name": "20170907 Multiple Vulnerabilities in Apache Struts 2 Affecting Cisco Products: September 2017",
              "refsource": "CISCO",
              "tags": [
                "Third Party Advisory"
              ],
              "url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170907-struts2"
            },
            {
              "name": "1039262",
              "refsource": "SECTRACK",
              "tags": [
                "Third Party Advisory",
                "VDB Entry"
              ],
              "url": "http://www.securitytracker.com/id/1039262"
            },
            {
              "name": "100611",
              "refsource": "BID",
              "tags": [
                "Third Party Advisory",
                "VDB Entry"
              ],
              "url": "http://www.securityfocus.com/bid/100611"
            },
            {
              "name": "http://www.brocade.com/content/dam/common/documents/content-types/security-bulletin/brocade-security-advisory-2017-429.htm",
              "refsource": "CONFIRM",
              "tags": [
                "Third Party Advisory"
              ],
              "url": "http://www.brocade.com/content/dam/common/documents/content-types/security-bulletin/brocade-security-advisory-2017-429.htm"
            },
            {
              "name": "http://www.oracle.com/technetwork/security-advisory/alert-cve-2017-9805-3889403.html",
              "refsource": "CONFIRM",
              "tags": [
                "Patch",
                "Third Party Advisory"
              ],
              "url": "http://www.oracle.com/technetwork/security-advisory/alert-cve-2017-9805-3889403.html"
            },
            {
              "name": "https://security.netapp.com/advisory/ntap-20180629-0001/",
              "refsource": "CONFIRM",
              "tags": [],
              "url": "https://security.netapp.com/advisory/ntap-20180629-0001/"
            }
          ]
        }
      },
      "impact": {
        "baseMetricV2": {
          "cvssV2": {
            "accessComplexity": "LOW",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "availabilityImpact": "PARTIAL",
            "baseScore": 5.0,
            "confidentialityImpact": "NONE",
            "integrityImpact": "NONE",
            "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P",
            "version": "2.0"
          },
          "exploitabilityScore": 10.0,
          "impactScore": 2.9,
          "obtainAllPrivilege": false,
          "obtainOtherPrivilege": false,
          "obtainUserPrivilege": false,
          "severity": "MEDIUM",
          "userInteractionRequired": false
        },
        "baseMetricV3": {
          "cvssV3": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "HIGH",
            "baseScore": 7.5,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "NONE",
            "integrityImpact": "NONE",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
            "version": "3.0"
          },
          "exploitabilityScore": 3.9,
          "impactScore": 3.6
        }
      },
      "lastModifiedDate": "2019-08-12T21:15Z",
      "publishedDate": "2017-09-20T17:29Z"
    }
  }
}

FKIE_CVE-2017-9793

Vulnerability from fkie_nvd - Published: 2017-09-20 17:29 - Updated: 2025-04-20 01:37

Severity ?

7.5 (High) - CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

Summary

References

URL	Tags
security@apache.org	http://www.brocade.com/content/dam/common/documents/content-types/security-bulletin/brocade-security-advisory-2017-429.htm	Third Party Advisory
security@apache.org	http://www.oracle.com/technetwork/security-advisory/alert-cve-2017-9805-3889403.html	Patch, Third Party Advisory
security@apache.org	http://www.securityfocus.com/bid/100611	Third Party Advisory, VDB Entry
security@apache.org	http://www.securitytracker.com/id/1039262	Third Party Advisory, VDB Entry
security@apache.org	https://security.netapp.com/advisory/ntap-20180629-0001/
security@apache.org	https://struts.apache.org/docs/s2-051.html	Patch, Vendor Advisory
security@apache.org	https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170907-struts2	Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108	http://www.brocade.com/content/dam/common/documents/content-types/security-bulletin/brocade-security-advisory-2017-429.htm	Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108	http://www.oracle.com/technetwork/security-advisory/alert-cve-2017-9805-3889403.html	Patch, Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108	http://www.securityfocus.com/bid/100611	Third Party Advisory, VDB Entry
af854a3a-2127-422b-91ae-364da2661108	http://www.securitytracker.com/id/1039262	Third Party Advisory, VDB Entry
af854a3a-2127-422b-91ae-364da2661108	https://security.netapp.com/advisory/ntap-20180629-0001/
af854a3a-2127-422b-91ae-364da2661108	https://struts.apache.org/docs/s2-051.html	Patch, Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108	https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170907-struts2	Third Party Advisory

Impacted products

Vendor	Product	Version
apache	struts	2.3.7
apache	struts	2.3.8
apache	struts	2.3.9
apache	struts	2.3.10
apache	struts	2.3.11
apache	struts	2.3.12
apache	struts	2.3.13
apache	struts	2.3.14
apache	struts	2.3.14.1
apache	struts	2.3.14.2
apache	struts	2.3.14.3
apache	struts	2.3.15
apache	struts	2.3.15.1
apache	struts	2.3.15.2
apache	struts	2.3.15.3
apache	struts	2.3.16
apache	struts	2.3.16.1
apache	struts	2.3.16.2
apache	struts	2.3.16.3
apache	struts	2.3.17
apache	struts	2.3.19
apache	struts	2.3.20
apache	struts	2.3.20.1
apache	struts	2.3.20.2
apache	struts	2.3.21
apache	struts	2.3.22
apache	struts	2.3.23
apache	struts	2.3.24.2
apache	struts	2.3.24.3
apache	struts	2.3.25
apache	struts	2.3.26
apache	struts	2.3.27
apache	struts	2.3.28
apache	struts	2.3.28.1
apache	struts	2.3.29
apache	struts	2.3.30
apache	struts	2.3.31
apache	struts	2.3.32
apache	struts	2.3.33
apache	struts	2.5
apache	struts	2.5
apache	struts	2.5
apache	struts	2.5
apache	struts	2.5.1
apache	struts	2.5.2
apache	struts	2.5.3
apache	struts	2.5.4
apache	struts	2.5.5
apache	struts	2.5.6
apache	struts	2.5.7
apache	struts	2.5.8
apache	struts	2.5.9
apache	struts	2.5.10
apache	struts	2.5.10.1
apache	struts	2.5.12

JSON

To clipboard

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:apache:struts:2.3.7:*:*:*:*:*:*:*",
              "matchCriteriaId": "443B4E64-2A36-49C6-B09D-77B3BDF69709",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:apache:struts:2.3.8:*:*:*:*:*:*:*",
              "matchCriteriaId": "2481505C-4FD1-4195-9E10-9DD741498FB2",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:apache:struts:2.3.9:*:*:*:*:*:*:*",
              "matchCriteriaId": "910DCB81-63A8-4BBB-8897-A98A0F2AEEB4",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:apache:struts:2.3.10:*:*:*:*:*:*:*",
              "matchCriteriaId": "F75F4616-4B4B-4CAB-968B-502179152D2B",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:apache:struts:2.3.11:*:*:*:*:*:*:*",
              "matchCriteriaId": "D3D12A0A-1DC5-47C7-9FF6-E8103C75FE76",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:apache:struts:2.3.12:*:*:*:*:*:*:*",
              "matchCriteriaId": "28ED63DB-2AAF-4BC9-A844-074EDF63C89A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:apache:struts:2.3.13:*:*:*:*:*:*:*",
              "matchCriteriaId": "C86232DA-90C7-43F8-99CC-C1BFB4BA3F9A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:apache:struts:2.3.14:*:*:*:*:*:*:*",
              "matchCriteriaId": "38A6CEED-6C43-4325-B36C-9F254CCDFDC0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:apache:struts:2.3.14.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "41F43088-26AA-4890-A9D6-1B9B48D5F02A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:apache:struts:2.3.14.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "BE6820E3-8FDF-4BDF-8B62-E604A91F1280",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:apache:struts:2.3.14.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "D25ED06A-F12C-443E-9B3F-FDDF52FE9D93",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:apache:struts:2.3.15:*:*:*:*:*:*:*",
              "matchCriteriaId": "44527919-8403-42A8-9CE1-3B4F58630F34",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:apache:struts:2.3.15.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "EBB91D8A-14B8-4263-B90D-F776535F9B8F",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:apache:struts:2.3.15.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "FB525941-7175-43C1-9F17-814F5F7C72CA",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:apache:struts:2.3.15.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "F10D559E-04A0-4002-947C-D3902138795B",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:apache:struts:2.3.16:*:*:*:*:*:*:*",
              "matchCriteriaId": "89203DD8-2C95-4546-9504-83654FFA5DBC",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:apache:struts:2.3.16.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "EB3D5644-CFAC-4FB5-A1FB-387F97876098",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:apache:struts:2.3.16.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "1225A0B0-C3F2-4579-BFE9-F8DB2CF596F6",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:apache:struts:2.3.16.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "8DC883A7-0766-4857-ABC8-9DB4BA713650",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:apache:struts:2.3.17:*:*:*:*:*:*:*",
              "matchCriteriaId": "D3553904-BF3C-4636-947A-8AA16D4F38A5",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:apache:struts:2.3.19:*:*:*:*:*:*:*",
              "matchCriteriaId": "E93CE807-D7C2-4865-ACF8-E366A6478B46",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:apache:struts:2.3.20:*:*:*:*:*:*:*",
              "matchCriteriaId": "22FF6282-0BCA-46EB-9648-6EE3EDA189F2",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:apache:struts:2.3.20.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "6D1467BC-9BC8-402D-A420-615CF9698648",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:apache:struts:2.3.20.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "12CE716B-867F-49CA-BDAF-194714D990C1",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:apache:struts:2.3.21:*:*:*:*:*:*:*",
              "matchCriteriaId": "CB6057D5-0787-4026-A202-ACD07C862F8D",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:apache:struts:2.3.22:*:*:*:*:*:*:*",
              "matchCriteriaId": "1B3AE8EA-4D25-4151-A210-ECDE802F8A2F",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:apache:struts:2.3.23:*:*:*:*:*:*:*",
              "matchCriteriaId": "79C615AE-4709-47EB-85F8-BD944096428E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:apache:struts:2.3.24.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "39047809-4E6D-4670-B9BA-D8FD910E38EB",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:apache:struts:2.3.24.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "71823E13-1896-4EE4-A49C-CFFB717FFD80",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:apache:struts:2.3.25:*:*:*:*:*:*:*",
              "matchCriteriaId": "291F3624-8AB5-46F2-9BB5-F592DF1C9F88",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:apache:struts:2.3.26:*:*:*:*:*:*:*",
              "matchCriteriaId": "DD053675-DE5E-40A8-B404-4F36AAC82502",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:apache:struts:2.3.27:*:*:*:*:*:*:*",
              "matchCriteriaId": "B0392E61-6D77-43C3-8009-96BC0F90B8D1",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:apache:struts:2.3.28:*:*:*:*:*:*:*",
              "matchCriteriaId": "C778ADED-75B5-4AD3-8CDC-EFDFFAD5A742",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:apache:struts:2.3.28.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "067F6249-CC5A-4402-843C-06D5F9F77267",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:apache:struts:2.3.29:*:*:*:*:*:*:*",
              "matchCriteriaId": "0AFA78DD-B60C-46AD-BCCB-4E15BB16BEDC",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:apache:struts:2.3.30:*:*:*:*:*:*:*",
              "matchCriteriaId": "1DA1EABE-5292-44C2-8327-54201A42F204",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:apache:struts:2.3.31:*:*:*:*:*:*:*",
              "matchCriteriaId": "F327A6EA-69AF-4EB2-8F17-8011678FAB6D",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:apache:struts:2.3.32:*:*:*:*:*:*:*",
              "matchCriteriaId": "603FAA0C-0908-4105-BE3A-016B4A298264",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:apache:struts:2.3.33:*:*:*:*:*:*:*",
              "matchCriteriaId": "8E5068CA-A472-47D2-A89F-A43EA8617874",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:apache:struts:2.5:*:*:*:*:*:*:*",
              "matchCriteriaId": "63CE1226-E0E6-4DC6-AC89-3FFDE6BD7B77",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:apache:struts:2.5:beta1:*:*:*:*:*:*",
              "matchCriteriaId": "E17D62B8-349B-4F30-8849-6912828802C3",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:apache:struts:2.5:beta2:*:*:*:*:*:*",
              "matchCriteriaId": "D5E91133-D585-43F7-9093-94D735B3167E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:apache:struts:2.5:beta3:*:*:*:*:*:*",
              "matchCriteriaId": "DD44FD72-ECE7-4E08-AD9E-5CE2C310C2C8",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:apache:struts:2.5.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "A4F914BA-CF16-4B03-A6A2-8C9816EC1248",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:apache:struts:2.5.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "D2C82970-62C9-4513-A66D-6BDA4048C27F",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:apache:struts:2.5.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "E1A43CA5-46DE-4513-A309-BE3A60CD5489",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:apache:struts:2.5.4:*:*:*:*:*:*:*",
              "matchCriteriaId": "1D83D2FA-8931-45F8-82D6-DE270A2BA55C",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:apache:struts:2.5.5:*:*:*:*:*:*:*",
              "matchCriteriaId": "0D284BF2-101C-490C-85CB-69D156D1FF77",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:apache:struts:2.5.6:*:*:*:*:*:*:*",
              "matchCriteriaId": "5BAD7A75-378F-4A0F-A10F-E4F7AF60F285",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:apache:struts:2.5.7:*:*:*:*:*:*:*",
              "matchCriteriaId": "56E43496-097F-4560-BFB1-BDDA4659F197",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:apache:struts:2.5.8:*:*:*:*:*:*:*",
              "matchCriteriaId": "96C720D6-312B-477C-A993-BEE39A7ADB4E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:apache:struts:2.5.9:*:*:*:*:*:*:*",
              "matchCriteriaId": "03367A87-9011-45F4-B534-DEA26F8D4567",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:apache:struts:2.5.10:*:*:*:*:*:*:*",
              "matchCriteriaId": "CF635DCE-D495-4166-9E25-1E48DDDF9AAC",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:apache:struts:2.5.10.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "725DBE04-720B-421E-B76A-4EE92FEE171C",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:apache:struts:2.5.12:*:*:*:*:*:*:*",
              "matchCriteriaId": "0F36F794-B949-40DB-986A-EDB0E6619100",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "The REST Plugin in Apache Struts 2.1.x, 2.3.7 through 2.3.33 and 2.5 through 2.5.12 is using an outdated XStream library which is vulnerable and allow perform a DoS attack using malicious request with specially crafted XML payload."
    },
    {
      "lang": "es",
      "value": "El Plugin REST en Apache Struts versiones 2.1.x, versiones 2.3.7 hasta 2.3.33 y versiones 2.5 hasta 2.5.12, est\u00e1 usando una biblioteca XStream obsoleta que es vulnerable y permite realizar un ataque de DoS usando una petici\u00f3n maliciosa con una carga \u00fatil XML especialmente dise\u00f1ada."
    }
  ],
  "id": "CVE-2017-9793",
  "lastModified": "2025-04-20T01:37:25.860",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "MEDIUM",
        "cvssData": {
          "accessComplexity": "LOW",
          "accessVector": "NETWORK",
          "authentication": "NONE",
          "availabilityImpact": "PARTIAL",
          "baseScore": 5.0,
          "confidentialityImpact": "NONE",
          "integrityImpact": "NONE",
          "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P",
          "version": "2.0"
        },
        "exploitabilityScore": 10.0,
        "impactScore": 2.9,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": false
      }
    ],
    "cvssMetricV30": [
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "NETWORK",
          "availabilityImpact": "HIGH",
          "baseScore": 7.5,
          "baseSeverity": "HIGH",
          "confidentialityImpact": "NONE",
          "integrityImpact": "NONE",
          "privilegesRequired": "NONE",
          "scope": "UNCHANGED",
          "userInteraction": "NONE",
          "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
          "version": "3.0"
        },
        "exploitabilityScore": 3.9,
        "impactScore": 3.6,
        "source": "nvd@nist.gov",
        "type": "Primary"
      }
    ]
  },
  "published": "2017-09-20T17:29:00.573",
  "references": [
    {
      "source": "security@apache.org",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "http://www.brocade.com/content/dam/common/documents/content-types/security-bulletin/brocade-security-advisory-2017-429.htm"
    },
    {
      "source": "security@apache.org",
      "tags": [
        "Patch",
        "Third Party Advisory"
      ],
      "url": "http://www.oracle.com/technetwork/security-advisory/alert-cve-2017-9805-3889403.html"
    },
    {
      "source": "security@apache.org",
      "tags": [
        "Third Party Advisory",
        "VDB Entry"
      ],
      "url": "http://www.securityfocus.com/bid/100611"
    },
    {
      "source": "security@apache.org",
      "tags": [
        "Third Party Advisory",
        "VDB Entry"
      ],
      "url": "http://www.securitytracker.com/id/1039262"
    },
    {
      "source": "security@apache.org",
      "url": "https://security.netapp.com/advisory/ntap-20180629-0001/"
    },
    {
      "source": "security@apache.org",
      "tags": [
        "Patch",
        "Vendor Advisory"
      ],
      "url": "https://struts.apache.org/docs/s2-051.html"
    },
    {
      "source": "security@apache.org",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170907-struts2"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "http://www.brocade.com/content/dam/common/documents/content-types/security-bulletin/brocade-security-advisory-2017-429.htm"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Patch",
        "Third Party Advisory"
      ],
      "url": "http://www.oracle.com/technetwork/security-advisory/alert-cve-2017-9805-3889403.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory",
        "VDB Entry"
      ],
      "url": "http://www.securityfocus.com/bid/100611"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory",
        "VDB Entry"
      ],
      "url": "http://www.securitytracker.com/id/1039262"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://security.netapp.com/advisory/ntap-20180629-0001/"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Patch",
        "Vendor Advisory"
      ],
      "url": "https://struts.apache.org/docs/s2-051.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170907-struts2"
    }
  ],
  "sourceIdentifier": "security@apache.org",
  "vulnStatus": "Deferred",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-20"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

CVE-2017-9793

Vulnerability from fstec - Published: 07.09.2017

Title

Уязвимость библиотеки struts2-core программной платформы Apache Struts, позволяющая нарушителю вызвать отказ в обслуживании

Description

Уязвимость библиотеки struts2-core программной платформы Apache Struts связана с недостаточной проверкой входных данных. Эксплуатация уязвимости может позволить нарушителю, действующему удаленно, вызвать отказ в обслуживании с помощью специально сформированных XML-файлов

Severity ?


                    
                      AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

Vendor

Cisco Systems Inc., IBM Corp., Apache Software Foundation

Software Name

Cisco Video Distribution Suite for Internet Streaming, IBM Storwize V5000, Cisco Digital Media Manager, Cisco Media Experience Engine (MXE) 3500 Series, Cisco Hosted Collaboration Solution for Contact Center, Cisco Network Performance Analysis, Struts

Software Version

- (Cisco Video Distribution Suite for Internet Streaming), 7.8.1.10 (IBM Storwize V5000), - (Cisco Digital Media Manager), - (Cisco Media Experience Engine (MXE) 3500 Series), - (Cisco Hosted Collaboration Solution for Contact Center), - (Cisco Network Performance Analysis), до 2.5.12 включительно (Struts), до 2.3.33 включительно (Struts)

Possible Mitigations

Использование рекомендаций: Для программных продуктов Apache Software Foundation: https://cwiki.apache.org/confluence/display/WW/S2-051 Для программных продуктов Cisco Systems Inc.: https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170907-struts2 Для IBM Storwize V5000: Компенсирующие меры: - использование средств межсетевого экранирования для ограничения возможности удалённого доступа; - использование виртуальных частных сетей для организации удаленного доступа (VPN).

Reference

https://cwiki.apache.org/confluence/display/WW/S2-051 https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170907-struts2

CWE

CWE-20

JSON

To clipboard

{
  "CVSS 2.0": "AV:N/AC:L/Au:N/C:N/I:N/A:C",
  "CVSS 3.0": "AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
  "CVSS 4.0": null,
  "remediation_\u0418\u0434\u0435\u043d\u0442\u0438\u0444\u0438\u043a\u0430\u0442\u043e\u0440": null,
  "remediation_\u041d\u0430\u0438\u043c\u0435\u043d\u043e\u0432\u0430\u043d\u0438\u0435": null,
  "\u0412\u0435\u043d\u0434\u043e\u0440 \u041f\u041e": "Cisco Systems Inc., IBM Corp., Apache Software Foundation",
  "\u0412\u0435\u0440\u0441\u0438\u044f \u041f\u041e": "- (Cisco Video Distribution Suite for Internet Streaming), 7.8.1.10 (IBM Storwize V5000), - (Cisco Digital Media Manager), - (Cisco Media Experience Engine (MXE) 3500 Series), - (Cisco Hosted Collaboration Solution for Contact Center), - (Cisco Network Performance Analysis), \u0434\u043e 2.5.12 \u0432\u043a\u043b\u044e\u0447\u0438\u0442\u0435\u043b\u044c\u043d\u043e (Struts), \u0434\u043e 2.3.33 \u0432\u043a\u043b\u044e\u0447\u0438\u0442\u0435\u043b\u044c\u043d\u043e (Struts)",
  "\u0412\u043e\u0437\u043c\u043e\u0436\u043d\u044b\u0435 \u043c\u0435\u0440\u044b \u043f\u043e \u0443\u0441\u0442\u0440\u0430\u043d\u0435\u043d\u0438\u044e": "\u0418\u0441\u043f\u043e\u043b\u044c\u0437\u043e\u0432\u0430\u043d\u0438\u0435 \u0440\u0435\u043a\u043e\u043c\u0435\u043d\u0434\u0430\u0446\u0438\u0439:\n\u0414\u043b\u044f \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c\u043d\u044b\u0445 \u043f\u0440\u043e\u0434\u0443\u043a\u0442\u043e\u0432 Apache Software Foundation:\nhttps://cwiki.apache.org/confluence/display/WW/S2-051\n\n\u0414\u043b\u044f \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c\u043d\u044b\u0445 \u043f\u0440\u043e\u0434\u0443\u043a\u0442\u043e\u0432 Cisco Systems Inc.:\nhttps://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170907-struts2\n\n\u0414\u043b\u044f IBM Storwize V5000:\n\u041a\u043e\u043c\u043f\u0435\u043d\u0441\u0438\u0440\u0443\u044e\u0449\u0438\u0435 \u043c\u0435\u0440\u044b:\n- \u0438\u0441\u043f\u043e\u043b\u044c\u0437\u043e\u0432\u0430\u043d\u0438\u0435 \u0441\u0440\u0435\u0434\u0441\u0442\u0432 \u043c\u0435\u0436\u0441\u0435\u0442\u0435\u0432\u043e\u0433\u043e \u044d\u043a\u0440\u0430\u043d\u0438\u0440\u043e\u0432\u0430\u043d\u0438\u044f \u0434\u043b\u044f \u043e\u0433\u0440\u0430\u043d\u0438\u0447\u0435\u043d\u0438\u044f \u0432\u043e\u0437\u043c\u043e\u0436\u043d\u043e\u0441\u0442\u0438 \u0443\u0434\u0430\u043b\u0451\u043d\u043d\u043e\u0433\u043e \u0434\u043e\u0441\u0442\u0443\u043f\u0430;\n- \u0438\u0441\u043f\u043e\u043b\u044c\u0437\u043e\u0432\u0430\u043d\u0438\u0435 \u0432\u0438\u0440\u0442\u0443\u0430\u043b\u044c\u043d\u044b\u0445 \u0447\u0430\u0441\u0442\u043d\u044b\u0445 \u0441\u0435\u0442\u0435\u0439 \u0434\u043b\u044f \u043e\u0440\u0433\u0430\u043d\u0438\u0437\u0430\u0446\u0438\u0438 \u0443\u0434\u0430\u043b\u0435\u043d\u043d\u043e\u0433\u043e \u0434\u043e\u0441\u0442\u0443\u043f\u0430 (VPN).",
  "\u0414\u0430\u0442\u0430 \u0432\u044b\u044f\u0432\u043b\u0435\u043d\u0438\u044f": "07.09.2017",
  "\u0414\u0430\u0442\u0430 \u043f\u043e\u0441\u043b\u0435\u0434\u043d\u0435\u0433\u043e \u043e\u0431\u043d\u043e\u0432\u043b\u0435\u043d\u0438\u044f": "29.10.2024",
  "\u0414\u0430\u0442\u0430 \u043f\u0443\u0431\u043b\u0438\u043a\u0430\u0446\u0438\u0438": "29.10.2024",
  "\u0418\u0434\u0435\u043d\u0442\u0438\u0444\u0438\u043a\u0430\u0442\u043e\u0440": "BDU:2024-08704",
  "\u0418\u0434\u0435\u043d\u0442\u0438\u0444\u0438\u043a\u0430\u0442\u043e\u0440\u044b \u0434\u0440\u0443\u0433\u0438\u0445 \u0441\u0438\u0441\u0442\u0435\u043c \u043e\u043f\u0438\u0441\u0430\u043d\u0438\u0439 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": "CVE-2017-9793",
  "\u0418\u043d\u0444\u043e\u0440\u043c\u0430\u0446\u0438\u044f \u043e\u0431 \u0443\u0441\u0442\u0440\u0430\u043d\u0435\u043d\u0438\u0438": "\u0423\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u044c \u0443\u0441\u0442\u0440\u0430\u043d\u0435\u043d\u0430",
  "\u041a\u043b\u0430\u0441\u0441 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": "\u0423\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u044c \u043a\u043e\u0434\u0430",
  "\u041d\u0430\u0437\u0432\u0430\u043d\u0438\u0435 \u041f\u041e": "Cisco Video Distribution Suite for Internet Streaming, IBM Storwize V5000, Cisco Digital Media Manager, Cisco Media Experience Engine (MXE) 3500 Series, Cisco Hosted Collaboration Solution for Contact Center, Cisco Network Performance Analysis, Struts",
  "\u041d\u0430\u0438\u043c\u0435\u043d\u043e\u0432\u0430\u043d\u0438\u0435 \u041e\u0421 \u0438 \u0442\u0438\u043f \u0430\u043f\u043f\u0430\u0440\u0430\u0442\u043d\u043e\u0439 \u043f\u043b\u0430\u0442\u0444\u043e\u0440\u043c\u044b": null,
  "\u041d\u0430\u0438\u043c\u0435\u043d\u043e\u0432\u0430\u043d\u0438\u0435 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": "\u0423\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u044c \u0431\u0438\u0431\u043b\u0438\u043e\u0442\u0435\u043a\u0438 struts2-core \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c\u043d\u043e\u0439 \u043f\u043b\u0430\u0442\u0444\u043e\u0440\u043c\u044b Apache Struts, \u043f\u043e\u0437\u0432\u043e\u043b\u044f\u044e\u0449\u0430\u044f \u043d\u0430\u0440\u0443\u0448\u0438\u0442\u0435\u043b\u044e \u0432\u044b\u0437\u0432\u0430\u0442\u044c \u043e\u0442\u043a\u0430\u0437 \u0432 \u043e\u0431\u0441\u043b\u0443\u0436\u0438\u0432\u0430\u043d\u0438\u0438",
  "\u041d\u0430\u043b\u0438\u0447\u0438\u0435 \u044d\u043a\u0441\u043f\u043b\u043e\u0439\u0442\u0430": "\u0414\u0430\u043d\u043d\u044b\u0435 \u0443\u0442\u043e\u0447\u043d\u044f\u044e\u0442\u0441\u044f",
  "\u041e\u043f\u0438\u0441\u0430\u043d\u0438\u0435 \u043e\u0448\u0438\u0431\u043a\u0438 CWE": "\u041d\u0435\u0434\u043e\u0441\u0442\u0430\u0442\u043e\u0447\u043d\u0430\u044f \u043f\u0440\u043e\u0432\u0435\u0440\u043a\u0430 \u0432\u0432\u043e\u0434\u0438\u043c\u044b\u0445 \u0434\u0430\u043d\u043d\u044b\u0445 (CWE-20)",
  "\u041e\u043f\u0438\u0441\u0430\u043d\u0438\u0435 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": "\u0423\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u044c \u0431\u0438\u0431\u043b\u0438\u043e\u0442\u0435\u043a\u0438 struts2-core \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c\u043d\u043e\u0439 \u043f\u043b\u0430\u0442\u0444\u043e\u0440\u043c\u044b Apache Struts \u0441\u0432\u044f\u0437\u0430\u043d\u0430 \u0441 \u043d\u0435\u0434\u043e\u0441\u0442\u0430\u0442\u043e\u0447\u043d\u043e\u0439 \u043f\u0440\u043e\u0432\u0435\u0440\u043a\u043e\u0439 \u0432\u0445\u043e\u0434\u043d\u044b\u0445 \u0434\u0430\u043d\u043d\u044b\u0445. \u042d\u043a\u0441\u043f\u043b\u0443\u0430\u0442\u0430\u0446\u0438\u044f \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438 \u043c\u043e\u0436\u0435\u0442 \u043f\u043e\u0437\u0432\u043e\u043b\u0438\u0442\u044c \u043d\u0430\u0440\u0443\u0448\u0438\u0442\u0435\u043b\u044e, \u0434\u0435\u0439\u0441\u0442\u0432\u0443\u044e\u0449\u0435\u043c\u0443 \u0443\u0434\u0430\u043b\u0435\u043d\u043d\u043e, \u0432\u044b\u0437\u0432\u0430\u0442\u044c \u043e\u0442\u043a\u0430\u0437 \u0432 \u043e\u0431\u0441\u043b\u0443\u0436\u0438\u0432\u0430\u043d\u0438\u0438 \u0441 \u043f\u043e\u043c\u043e\u0449\u044c\u044e \u0441\u043f\u0435\u0446\u0438\u0430\u043b\u044c\u043d\u043e \u0441\u0444\u043e\u0440\u043c\u0438\u0440\u043e\u0432\u0430\u043d\u043d\u044b\u0445 XML-\u0444\u0430\u0439\u043b\u043e\u0432",
  "\u041f\u043e\u0441\u043b\u0435\u0434\u0441\u0442\u0432\u0438\u044f \u044d\u043a\u0441\u043f\u043b\u0443\u0430\u0442\u0430\u0446\u0438\u0438 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": null,
  "\u041f\u0440\u043e\u0447\u0430\u044f \u0438\u043d\u0444\u043e\u0440\u043c\u0430\u0446\u0438\u044f": null,
  "\u0421\u0432\u044f\u0437\u044c \u0441 \u0438\u043d\u0446\u0438\u0434\u0435\u043d\u0442\u0430\u043c\u0438 \u0418\u0411": "\u0414\u0430\u043d\u043d\u044b\u0435 \u0443\u0442\u043e\u0447\u043d\u044f\u044e\u0442\u0441\u044f",
  "\u0421\u043e\u0441\u0442\u043e\u044f\u043d\u0438\u0435 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": "\u041e\u043f\u0443\u0431\u043b\u0438\u043a\u043e\u0432\u0430\u043d\u0430",
  "\u0421\u043f\u043e\u0441\u043e\u0431 \u0443\u0441\u0442\u0440\u0430\u043d\u0435\u043d\u0438\u044f": "\u041e\u0431\u043d\u043e\u0432\u043b\u0435\u043d\u0438\u0435 \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c\u043d\u043e\u0433\u043e \u043e\u0431\u0435\u0441\u043f\u0435\u0447\u0435\u043d\u0438\u044f",
  "\u0421\u043f\u043e\u0441\u043e\u0431 \u044d\u043a\u0441\u043f\u043b\u0443\u0430\u0442\u0430\u0446\u0438\u0438": "\u0418\u0441\u0447\u0435\u0440\u043f\u0430\u043d\u0438\u0435 \u0440\u0435\u0441\u0443\u0440\u0441\u043e\u0432",
  "\u0421\u0441\u044b\u043b\u043a\u0438 \u043d\u0430 \u0438\u0441\u0442\u043e\u0447\u043d\u0438\u043a\u0438": "https://cwiki.apache.org/confluence/display/WW/S2-051\nhttps://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170907-struts2",
  "\u0421\u0442\u0430\u0442\u0443\u0441 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": "\u041f\u043e\u0434\u0442\u0432\u0435\u0440\u0436\u0434\u0435\u043d\u0430 \u043f\u0440\u043e\u0438\u0437\u0432\u043e\u0434\u0438\u0442\u0435\u043b\u0435\u043c",
  "\u0422\u0438\u043f \u041f\u041e": "\u0421\u0435\u0442\u0435\u0432\u043e\u0435 \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c\u043d\u043e\u0435 \u0441\u0440\u0435\u0434\u0441\u0442\u0432\u043e, \u041f\u041e \u0432\u0438\u0440\u0442\u0443\u0430\u043b\u0438\u0437\u0430\u0446\u0438\u0438/\u041f\u041e \u0432\u0438\u0440\u0442\u0443\u0430\u043b\u044c\u043d\u043e\u0433\u043e \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c\u043d\u043e-\u0430\u043f\u043f\u0430\u0440\u0430\u0442\u043d\u043e\u0433\u043e \u0441\u0440\u0435\u0434\u0441\u0442\u0432\u0430, \u041f\u0440\u0438\u043a\u043b\u0430\u0434\u043d\u043e\u0435 \u041f\u041e \u0438\u043d\u0444\u043e\u0440\u043c\u0430\u0446\u0438\u043e\u043d\u043d\u044b\u0445 \u0441\u0438\u0441\u0442\u0435\u043c, \u0421\u0435\u0442\u0435\u0432\u043e\u0435 \u0441\u0440\u0435\u0434\u0441\u0442\u0432\u043e, \u041f\u041e \u0441\u0435\u0442\u0435\u0432\u043e\u0433\u043e \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c\u043d\u043e-\u0430\u043f\u043f\u0430\u0440\u0430\u0442\u043d\u043e\u0433\u043e \u0441\u0440\u0435\u0434\u0441\u0442\u0432\u0430",
  "\u0422\u0438\u043f \u043e\u0448\u0438\u0431\u043a\u0438 CWE": "CWE-20",
  "\u0423\u0440\u043e\u0432\u0435\u043d\u044c \u043e\u043f\u0430\u0441\u043d\u043e\u0441\u0442\u0438 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": "\u0412\u044b\u0441\u043e\u043a\u0438\u0439 \u0443\u0440\u043e\u0432\u0435\u043d\u044c \u043e\u043f\u0430\u0441\u043d\u043e\u0441\u0442\u0438 (\u0431\u0430\u0437\u043e\u0432\u0430\u044f \u043e\u0446\u0435\u043d\u043a\u0430 CVSS 2.0 \u0441\u043e\u0441\u0442\u0430\u0432\u043b\u044f\u0435\u0442 7,8)\n\u0412\u044b\u0441\u043e\u043a\u0438\u0439 \u0443\u0440\u043e\u0432\u0435\u043d\u044c \u043e\u043f\u0430\u0441\u043d\u043e\u0441\u0442\u0438 (\u0431\u0430\u0437\u043e\u0432\u0430\u044f \u043e\u0446\u0435\u043d\u043a\u0430 CVSS 3.0 \u0441\u043e\u0441\u0442\u0430\u0432\u043b\u044f\u0435\u0442 7,5)"
}

Sightings

Author	Source	Type	Date

Nomenclature

Seen: The vulnerability was mentioned, discussed, or observed by the user.
Confirmed: The vulnerability has been validated from an analyst's perspective.
Published Proof of Concept: A public proof of concept is available for this vulnerability.
Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
Not confirmed: The user expressed doubt about the validity of the vulnerability.
Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.

Detection rules are retrieved from Rulezet.

Action not permitted

CVE-2017-9793 (GCVE-0-2017-9793)

CNVD-2017-31532

GHSA-VWXJ-6M5M-RRVH

CERTFR-2019-AVI-403

Solution

GSD-2017-9793

FKIE_CVE-2017-9793

CVE-2017-9793

Tags

Sightings

Nomenclature