Vulnerability-Lookup

CVE-2017-9805 (GCVE-0-2017-9805)

Vulnerability from cvelistv5 – Published: 2017-09-15 19:00 – Updated: 2025-10-21 23:55

Summary

The REST Plugin in Apache Struts 2.1.1 through 2.3.x before 2.3.34 and 2.5.x before 2.5.13 uses an XStreamHandler with an instance of XStream for deserialization without any type filtering, which can lead to Remote Code Execution when deserializing XML payloads.

Severity ?

8.1 (High)


                        
                          CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H

CWE

Assigner

apache

References

URL

Tags

	http://www.oracle.com/technetwork/security-adviso…	x_refsource_CONFIRM
	https://struts.apache.org/docs/s2-052.html	x_refsource_CONFIRM
	http://www.securitytracker.com/id/1039263	vdb-entryx_refsource_SECTRACK
	http://www.securityfocus.com/bid/100609	vdb-entryx_refsource_BID
	https://tools.cisco.com/security/center/content/C…	vendor-advisoryx_refsource_CISCO
	https://bugzilla.redhat.com/show_bug.cgi?id=1488482	x_refsource_CONFIRM
	https://blogs.apache.org/foundation/entry/apache-…	x_refsource_CONFIRM
	https://www.exploit-db.com/exploits/42627/	exploitx_refsource_EXPLOIT-DB
	https://lgtm.com/blog/apache_struts_CVE-2017-9805	x_refsource_MISC
	https://cwiki.apache.org/confluence/display/WW/S2-052	x_refsource_CONFIRM
	https://security.netapp.com/advisory/ntap-2017090…	x_refsource_CONFIRM
	https://www.kb.cert.org/vuls/id/112992	third-party-advisoryx_refsource_CERT-VN

Impacted products

	Vendor	Product	Version
	Apache Software Foundation	Apache Struts	Affected: Apache Struts before 2.3.34 and 2.5.x before 2.5.13

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-05T17:18:01.942Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://www.oracle.com/technetwork/security-advisory/alert-cve-2017-9805-3889403.html"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://struts.apache.org/docs/s2-052.html"
          },
          {
            "name": "1039263",
            "tags": [
              "vdb-entry",
              "x_refsource_SECTRACK",
              "x_transferred"
            ],
            "url": "http://www.securitytracker.com/id/1039263"
          },
          {
            "name": "100609",
            "tags": [
              "vdb-entry",
              "x_refsource_BID",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/bid/100609"
          },
          {
            "name": "20170907 Multiple Vulnerabilities in Apache Struts 2 Affecting Cisco Products: September 2017",
            "tags": [
              "vendor-advisory",
              "x_refsource_CISCO",
              "x_transferred"
            ],
            "url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170907-struts2"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1488482"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://blogs.apache.org/foundation/entry/apache-struts-statement-on-equifax"
          },
          {
            "name": "42627",
            "tags": [
              "exploit",
              "x_refsource_EXPLOIT-DB",
              "x_transferred"
            ],
            "url": "https://www.exploit-db.com/exploits/42627/"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://lgtm.com/blog/apache_struts_CVE-2017-9805"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://cwiki.apache.org/confluence/display/WW/S2-052"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://security.netapp.com/advisory/ntap-20170907-0001/"
          },
          {
            "name": "VU#112992",
            "tags": [
              "third-party-advisory",
              "x_refsource_CERT-VN",
              "x_transferred"
            ],
            "url": "https://www.kb.cert.org/vuls/id/112992"
          }
        ],
        "title": "CVE Program Container"
      },
      {
        "metrics": [
          {
            "cvssV3_1": {
              "attackComplexity": "HIGH",
              "attackVector": "NETWORK",
              "availabilityImpact": "HIGH",
              "baseScore": 8.1,
              "baseSeverity": "HIGH",
              "confidentialityImpact": "HIGH",
              "integrityImpact": "HIGH",
              "privilegesRequired": "NONE",
              "scope": "UNCHANGED",
              "userInteraction": "NONE",
              "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H",
              "version": "3.1"
            }
          },
          {
            "other": {
              "content": {
                "id": "CVE-2017-9805",
                "options": [
                  {
                    "Exploitation": "active"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "total"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2025-02-06T21:07:51.564352Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          },
          {
            "other": {
              "content": {
                "dateAdded": "2021-11-03",
                "reference": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2017-9805"
              },
              "type": "kev"
            }
          }
        ],
        "problemTypes": [
          {
            "descriptions": [
              {
                "cweId": "CWE-502",
                "description": "CWE-502 Deserialization of Untrusted Data",
                "lang": "en",
                "type": "CWE"
              }
            ]
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2025-10-21T23:55:34.589Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "references": [
          {
            "tags": [
              "government-resource"
            ],
            "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2017-9805"
          }
        ],
        "timeline": [
          {
            "lang": "en",
            "time": "2021-11-03T00:00:00.000Z",
            "value": "CVE-2017-9805 added to CISA KEV"
          }
        ],
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "Apache Struts",
          "vendor": "Apache Software Foundation",
          "versions": [
            {
              "status": "affected",
              "version": "Apache Struts before 2.3.34 and 2.5.x before 2.5.13"
            }
          ]
        }
      ],
      "datePublic": "2017-09-15T00:00:00.000Z",
      "descriptions": [
        {
          "lang": "en",
          "value": "The REST Plugin in Apache Struts 2.1.1 through 2.3.x before 2.3.34 and 2.5.x before 2.5.13 uses an XStreamHandler with an instance of XStream for deserialization without any type filtering, which can lead to Remote Code Execution when deserializing XML payloads."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "RCE",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2019-08-12T20:45:53.000Z",
        "orgId": "f0158376-9dc2-43b6-827c-5f631a4d8d09",
        "shortName": "apache"
      },
      "references": [
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://www.oracle.com/technetwork/security-advisory/alert-cve-2017-9805-3889403.html"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://struts.apache.org/docs/s2-052.html"
        },
        {
          "name": "1039263",
          "tags": [
            "vdb-entry",
            "x_refsource_SECTRACK"
          ],
          "url": "http://www.securitytracker.com/id/1039263"
        },
        {
          "name": "100609",
          "tags": [
            "vdb-entry",
            "x_refsource_BID"
          ],
          "url": "http://www.securityfocus.com/bid/100609"
        },
        {
          "name": "20170907 Multiple Vulnerabilities in Apache Struts 2 Affecting Cisco Products: September 2017",
          "tags": [
            "vendor-advisory",
            "x_refsource_CISCO"
          ],
          "url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170907-struts2"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1488482"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://blogs.apache.org/foundation/entry/apache-struts-statement-on-equifax"
        },
        {
          "name": "42627",
          "tags": [
            "exploit",
            "x_refsource_EXPLOIT-DB"
          ],
          "url": "https://www.exploit-db.com/exploits/42627/"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://lgtm.com/blog/apache_struts_CVE-2017-9805"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://cwiki.apache.org/confluence/display/WW/S2-052"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://security.netapp.com/advisory/ntap-20170907-0001/"
        },
        {
          "name": "VU#112992",
          "tags": [
            "third-party-advisory",
            "x_refsource_CERT-VN"
          ],
          "url": "https://www.kb.cert.org/vuls/id/112992"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "security@apache.org",
          "ID": "CVE-2017-9805",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "Apache Struts",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "Apache Struts before 2.3.34 and 2.5.x before 2.5.13"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "Apache Software Foundation"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "The REST Plugin in Apache Struts 2.1.1 through 2.3.x before 2.3.34 and 2.5.x before 2.5.13 uses an XStreamHandler with an instance of XStream for deserialization without any type filtering, which can lead to Remote Code Execution when deserializing XML payloads."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "RCE"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "http://www.oracle.com/technetwork/security-advisory/alert-cve-2017-9805-3889403.html",
              "refsource": "CONFIRM",
              "url": "http://www.oracle.com/technetwork/security-advisory/alert-cve-2017-9805-3889403.html"
            },
            {
              "name": "https://struts.apache.org/docs/s2-052.html",
              "refsource": "CONFIRM",
              "url": "https://struts.apache.org/docs/s2-052.html"
            },
            {
              "name": "1039263",
              "refsource": "SECTRACK",
              "url": "http://www.securitytracker.com/id/1039263"
            },
            {
              "name": "100609",
              "refsource": "BID",
              "url": "http://www.securityfocus.com/bid/100609"
            },
            {
              "name": "20170907 Multiple Vulnerabilities in Apache Struts 2 Affecting Cisco Products: September 2017",
              "refsource": "CISCO",
              "url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170907-struts2"
            },
            {
              "name": "https://bugzilla.redhat.com/show_bug.cgi?id=1488482",
              "refsource": "CONFIRM",
              "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1488482"
            },
            {
              "name": "https://blogs.apache.org/foundation/entry/apache-struts-statement-on-equifax",
              "refsource": "CONFIRM",
              "url": "https://blogs.apache.org/foundation/entry/apache-struts-statement-on-equifax"
            },
            {
              "name": "42627",
              "refsource": "EXPLOIT-DB",
              "url": "https://www.exploit-db.com/exploits/42627/"
            },
            {
              "name": "https://lgtm.com/blog/apache_struts_CVE-2017-9805",
              "refsource": "MISC",
              "url": "https://lgtm.com/blog/apache_struts_CVE-2017-9805"
            },
            {
              "name": "https://cwiki.apache.org/confluence/display/WW/S2-052",
              "refsource": "CONFIRM",
              "url": "https://cwiki.apache.org/confluence/display/WW/S2-052"
            },
            {
              "name": "https://security.netapp.com/advisory/ntap-20170907-0001/",
              "refsource": "CONFIRM",
              "url": "https://security.netapp.com/advisory/ntap-20170907-0001/"
            },
            {
              "name": "VU#112992",
              "refsource": "CERT-VN",
              "url": "https://www.kb.cert.org/vuls/id/112992"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "f0158376-9dc2-43b6-827c-5f631a4d8d09",
    "assignerShortName": "apache",
    "cveId": "CVE-2017-9805",
    "datePublished": "2017-09-15T19:00:00.000Z",
    "dateReserved": "2017-06-21T00:00:00.000Z",
    "dateUpdated": "2025-10-21T23:55:34.589Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1",
  "vulnerability-lookup:meta": {
    "cisa_known_exploited": {
      "cveID": "CVE-2017-9805",
      "cwes": "[\"CWE-502\"]",
      "dateAdded": "2021-11-03",
      "dueDate": "2022-05-03",
      "knownRansomwareCampaignUse": "Unknown",
      "notes": "https://nvd.nist.gov/vuln/detail/CVE-2017-9805",
      "product": "Struts",
      "requiredAction": "Apply updates per vendor instructions.",
      "shortDescription": "Apache Struts REST Plugin uses an XStreamHandler with an instance of XStream for deserialization without any type filtering, which can lead to remote code execution when deserializing XML payloads.",
      "vendorProject": "Apache",
      "vulnerabilityName": "Apache Struts Deserialization of Untrusted Data Vulnerability"
    },
    "vulnrichment": {
      "containers": "{\"adp\": [{\"title\": \"CVE Program Container\", \"references\": [{\"url\": \"http://www.oracle.com/technetwork/security-advisory/alert-cve-2017-9805-3889403.html\", \"tags\": [\"x_refsource_CONFIRM\", \"x_transferred\"]}, {\"url\": \"https://struts.apache.org/docs/s2-052.html\", \"tags\": [\"x_refsource_CONFIRM\", \"x_transferred\"]}, {\"url\": \"http://www.securitytracker.com/id/1039263\", \"name\": \"1039263\", \"tags\": [\"vdb-entry\", \"x_refsource_SECTRACK\", \"x_transferred\"]}, {\"url\": \"http://www.securityfocus.com/bid/100609\", \"name\": \"100609\", \"tags\": [\"vdb-entry\", \"x_refsource_BID\", \"x_transferred\"]}, {\"url\": \"https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170907-struts2\", \"name\": \"20170907 Multiple Vulnerabilities in Apache Struts 2 Affecting Cisco Products: September 2017\", \"tags\": [\"vendor-advisory\", \"x_refsource_CISCO\", \"x_transferred\"]}, {\"url\": \"https://bugzilla.redhat.com/show_bug.cgi?id=1488482\", \"tags\": [\"x_refsource_CONFIRM\", \"x_transferred\"]}, {\"url\": \"https://blogs.apache.org/foundation/entry/apache-struts-statement-on-equifax\", \"tags\": [\"x_refsource_CONFIRM\", \"x_transferred\"]}, {\"url\": \"https://www.exploit-db.com/exploits/42627/\", \"name\": \"42627\", \"tags\": [\"exploit\", \"x_refsource_EXPLOIT-DB\", \"x_transferred\"]}, {\"url\": \"https://lgtm.com/blog/apache_struts_CVE-2017-9805\", \"tags\": [\"x_refsource_MISC\", \"x_transferred\"]}, {\"url\": \"https://cwiki.apache.org/confluence/display/WW/S2-052\", \"tags\": [\"x_refsource_CONFIRM\", \"x_transferred\"]}, {\"url\": \"https://security.netapp.com/advisory/ntap-20170907-0001/\", \"tags\": [\"x_refsource_CONFIRM\", \"x_transferred\"]}, {\"url\": \"https://www.kb.cert.org/vuls/id/112992\", \"name\": \"VU#112992\", \"tags\": [\"third-party-advisory\", \"x_refsource_CERT-VN\", \"x_transferred\"]}], \"providerMetadata\": {\"orgId\": \"af854a3a-2127-422b-91ae-364da2661108\", \"shortName\": \"CVE\", \"dateUpdated\": \"2024-08-05T17:18:01.942Z\"}}, {\"title\": \"CISA ADP Vulnrichment\", \"metrics\": [{\"cvssV3_1\": {\"scope\": \"UNCHANGED\", \"version\": \"3.1\", \"baseScore\": 8.1, \"attackVector\": \"NETWORK\", \"baseSeverity\": \"HIGH\", \"vectorString\": \"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H\", \"integrityImpact\": \"HIGH\", \"userInteraction\": \"NONE\", \"attackComplexity\": \"HIGH\", \"availabilityImpact\": \"HIGH\", \"privilegesRequired\": \"NONE\", \"confidentialityImpact\": \"HIGH\"}}, {\"other\": {\"type\": \"ssvc\", \"content\": {\"id\": \"CVE-2017-9805\", \"role\": \"CISA Coordinator\", \"options\": [{\"Exploitation\": \"active\"}, {\"Automatable\": \"no\"}, {\"Technical Impact\": \"total\"}], \"version\": \"2.0.3\", \"timestamp\": \"2025-02-06T21:07:51.564352Z\"}}}, {\"other\": {\"type\": \"kev\", \"content\": {\"dateAdded\": \"2021-11-03\", \"reference\": \"https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2017-9805\"}}}], \"timeline\": [{\"lang\": \"en\", \"time\": \"2021-11-03T00:00:00.000Z\", \"value\": \"CVE-2017-9805 added to CISA KEV\"}], \"references\": [{\"url\": \"https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2017-9805\", \"tags\": [\"government-resource\"]}], \"problemTypes\": [{\"descriptions\": [{\"lang\": \"en\", \"type\": \"CWE\", \"cweId\": \"CWE-502\", \"description\": \"CWE-502 Deserialization of Untrusted Data\"}]}], \"providerMetadata\": {\"orgId\": \"134c704f-9b21-4f2e-91b3-4a467353bcc0\", \"shortName\": \"CISA-ADP\", \"dateUpdated\": \"2025-02-06T21:07:49.250Z\"}}], \"cna\": {\"affected\": [{\"vendor\": \"Apache Software Foundation\", \"product\": \"Apache Struts\", \"versions\": [{\"status\": \"affected\", \"version\": \"Apache Struts before 2.3.34 and 2.5.x before 2.5.13\"}]}], \"datePublic\": \"2017-09-15T00:00:00.000Z\", \"references\": [{\"url\": \"http://www.oracle.com/technetwork/security-advisory/alert-cve-2017-9805-3889403.html\", \"tags\": [\"x_refsource_CONFIRM\"]}, {\"url\": \"https://struts.apache.org/docs/s2-052.html\", \"tags\": [\"x_refsource_CONFIRM\"]}, {\"url\": \"http://www.securitytracker.com/id/1039263\", \"name\": \"1039263\", \"tags\": [\"vdb-entry\", \"x_refsource_SECTRACK\"]}, {\"url\": \"http://www.securityfocus.com/bid/100609\", \"name\": \"100609\", \"tags\": [\"vdb-entry\", \"x_refsource_BID\"]}, {\"url\": \"https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170907-struts2\", \"name\": \"20170907 Multiple Vulnerabilities in Apache Struts 2 Affecting Cisco Products: September 2017\", \"tags\": [\"vendor-advisory\", \"x_refsource_CISCO\"]}, {\"url\": \"https://bugzilla.redhat.com/show_bug.cgi?id=1488482\", \"tags\": [\"x_refsource_CONFIRM\"]}, {\"url\": \"https://blogs.apache.org/foundation/entry/apache-struts-statement-on-equifax\", \"tags\": [\"x_refsource_CONFIRM\"]}, {\"url\": \"https://www.exploit-db.com/exploits/42627/\", \"name\": \"42627\", \"tags\": [\"exploit\", \"x_refsource_EXPLOIT-DB\"]}, {\"url\": \"https://lgtm.com/blog/apache_struts_CVE-2017-9805\", \"tags\": [\"x_refsource_MISC\"]}, {\"url\": \"https://cwiki.apache.org/confluence/display/WW/S2-052\", \"tags\": [\"x_refsource_CONFIRM\"]}, {\"url\": \"https://security.netapp.com/advisory/ntap-20170907-0001/\", \"tags\": [\"x_refsource_CONFIRM\"]}, {\"url\": \"https://www.kb.cert.org/vuls/id/112992\", \"name\": \"VU#112992\", \"tags\": [\"third-party-advisory\", \"x_refsource_CERT-VN\"]}], \"descriptions\": [{\"lang\": \"en\", \"value\": \"The REST Plugin in Apache Struts 2.1.1 through 2.3.x before 2.3.34 and 2.5.x before 2.5.13 uses an XStreamHandler with an instance of XStream for deserialization without any type filtering, which can lead to Remote Code Execution when deserializing XML payloads.\"}], \"problemTypes\": [{\"descriptions\": [{\"lang\": \"en\", \"type\": \"text\", \"description\": \"RCE\"}]}], \"providerMetadata\": {\"orgId\": \"f0158376-9dc2-43b6-827c-5f631a4d8d09\", \"shortName\": \"apache\", \"dateUpdated\": \"2019-08-12T20:45:53.000Z\"}, \"x_legacyV4Record\": {\"affects\": {\"vendor\": {\"vendor_data\": [{\"product\": {\"product_data\": [{\"version\": {\"version_data\": [{\"version_value\": \"Apache Struts before 2.3.34 and 2.5.x before 2.5.13\"}]}, \"product_name\": \"Apache Struts\"}]}, \"vendor_name\": \"Apache Software Foundation\"}]}}, \"data_type\": \"CVE\", \"references\": {\"reference_data\": [{\"url\": \"http://www.oracle.com/technetwork/security-advisory/alert-cve-2017-9805-3889403.html\", \"name\": \"http://www.oracle.com/technetwork/security-advisory/alert-cve-2017-9805-3889403.html\", \"refsource\": \"CONFIRM\"}, {\"url\": \"https://struts.apache.org/docs/s2-052.html\", \"name\": \"https://struts.apache.org/docs/s2-052.html\", \"refsource\": \"CONFIRM\"}, {\"url\": \"http://www.securitytracker.com/id/1039263\", \"name\": \"1039263\", \"refsource\": \"SECTRACK\"}, {\"url\": \"http://www.securityfocus.com/bid/100609\", \"name\": \"100609\", \"refsource\": \"BID\"}, {\"url\": \"https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170907-struts2\", \"name\": \"20170907 Multiple Vulnerabilities in Apache Struts 2 Affecting Cisco Products: September 2017\", \"refsource\": \"CISCO\"}, {\"url\": \"https://bugzilla.redhat.com/show_bug.cgi?id=1488482\", \"name\": \"https://bugzilla.redhat.com/show_bug.cgi?id=1488482\", \"refsource\": \"CONFIRM\"}, {\"url\": \"https://blogs.apache.org/foundation/entry/apache-struts-statement-on-equifax\", \"name\": \"https://blogs.apache.org/foundation/entry/apache-struts-statement-on-equifax\", \"refsource\": \"CONFIRM\"}, {\"url\": \"https://www.exploit-db.com/exploits/42627/\", \"name\": \"42627\", \"refsource\": \"EXPLOIT-DB\"}, {\"url\": \"https://lgtm.com/blog/apache_struts_CVE-2017-9805\", \"name\": \"https://lgtm.com/blog/apache_struts_CVE-2017-9805\", \"refsource\": \"MISC\"}, {\"url\": \"https://cwiki.apache.org/confluence/display/WW/S2-052\", \"name\": \"https://cwiki.apache.org/confluence/display/WW/S2-052\", \"refsource\": \"CONFIRM\"}, {\"url\": \"https://security.netapp.com/advisory/ntap-20170907-0001/\", \"name\": \"https://security.netapp.com/advisory/ntap-20170907-0001/\", \"refsource\": \"CONFIRM\"}, {\"url\": \"https://www.kb.cert.org/vuls/id/112992\", \"name\": \"VU#112992\", \"refsource\": \"CERT-VN\"}]}, \"data_format\": \"MITRE\", \"description\": {\"description_data\": [{\"lang\": \"eng\", \"value\": \"The REST Plugin in Apache Struts 2.1.1 through 2.3.x before 2.3.34 and 2.5.x before 2.5.13 uses an XStreamHandler with an instance of XStream for deserialization without any type filtering, which can lead to Remote Code Execution when deserializing XML payloads.\"}]}, \"problemtype\": {\"problemtype_data\": [{\"description\": [{\"lang\": \"eng\", \"value\": \"RCE\"}]}]}, \"data_version\": \"4.0\", \"CVE_data_meta\": {\"ID\": \"CVE-2017-9805\", \"STATE\": \"PUBLIC\", \"ASSIGNER\": \"security@apache.org\"}}}}",
      "cveMetadata": "{\"cveId\": \"CVE-2017-9805\", \"state\": \"PUBLISHED\", \"dateUpdated\": \"2025-10-21T23:55:34.589Z\", \"dateReserved\": \"2017-06-21T00:00:00.000Z\", \"assignerOrgId\": \"f0158376-9dc2-43b6-827c-5f631a4d8d09\", \"datePublished\": \"2017-09-15T19:00:00.000Z\", \"assignerShortName\": \"apache\"}",
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }
  }
}

GSD-2017-9805

Vulnerability from gsd - Updated: 2023-12-13 01:21

Details

Aliases

CVE-2017-9805

Aliases

CVE-2017-9805

JSON

To clipboard

{
  "GSD": {
    "alias": "CVE-2017-9805",
    "description": "The REST Plugin in Apache Struts 2.1.1 through 2.3.x before 2.3.34 and 2.5.x before 2.5.13 uses an XStreamHandler with an instance of XStream for deserialization without any type filtering, which can lead to Remote Code Execution when deserializing XML payloads.",
    "id": "GSD-2017-9805",
    "references": [
      "https://www.suse.com/security/cve/CVE-2017-9805.html",
      "https://packetstormsecurity.com/files/cve/CVE-2017-9805"
    ]
  },
  "gsd": {
    "metadata": {
      "exploitCode": "unknown",
      "remediation": "unknown",
      "reportConfidence": "confirmed",
      "type": "vulnerability"
    },
    "osvSchema": {
      "aliases": [
        "CVE-2017-9805"
      ],
      "details": "The REST Plugin in Apache Struts 2.1.1 through 2.3.x before 2.3.34 and 2.5.x before 2.5.13 uses an XStreamHandler with an instance of XStream for deserialization without any type filtering, which can lead to Remote Code Execution when deserializing XML payloads.",
      "id": "GSD-2017-9805",
      "modified": "2023-12-13T01:21:07.880058Z",
      "schema_version": "1.4.0"
    }
  },
  "namespaces": {
    "cisa.gov": {
      "cveID": "CVE-2017-9805",
      "dateAdded": "2021-11-03",
      "dueDate": "2022-05-03",
      "product": "Struts",
      "requiredAction": "Apply updates per vendor instructions.",
      "shortDescription": "The REST Plugin in Apache Struts 2.1.1 through 2.3.x before 2.3.34 and 2.5.x before 2.5.13 contains a vulnerability which can lead to Remote Code Execution.",
      "vendorProject": "Apache",
      "vulnerabilityName": "Apache Struts Multiple Versions Remote Code Execution Vulnerability"
    },
    "cve.org": {
      "CVE_data_meta": {
        "ASSIGNER": "security@apache.org",
        "ID": "CVE-2017-9805",
        "STATE": "PUBLIC"
      },
      "affects": {
        "vendor": {
          "vendor_data": [
            {
              "product": {
                "product_data": [
                  {
                    "product_name": "Apache Struts",
                    "version": {
                      "version_data": [
                        {
                          "version_value": "Apache Struts before 2.3.34 and 2.5.x before 2.5.13"
                        }
                      ]
                    }
                  }
                ]
              },
              "vendor_name": "Apache Software Foundation"
            }
          ]
        }
      },
      "data_format": "MITRE",
      "data_type": "CVE",
      "data_version": "4.0",
      "description": {
        "description_data": [
          {
            "lang": "eng",
            "value": "The REST Plugin in Apache Struts 2.1.1 through 2.3.x before 2.3.34 and 2.5.x before 2.5.13 uses an XStreamHandler with an instance of XStream for deserialization without any type filtering, which can lead to Remote Code Execution when deserializing XML payloads."
          }
        ]
      },
      "problemtype": {
        "problemtype_data": [
          {
            "description": [
              {
                "lang": "eng",
                "value": "RCE"
              }
            ]
          }
        ]
      },
      "references": {
        "reference_data": [
          {
            "name": "http://www.oracle.com/technetwork/security-advisory/alert-cve-2017-9805-3889403.html",
            "refsource": "CONFIRM",
            "url": "http://www.oracle.com/technetwork/security-advisory/alert-cve-2017-9805-3889403.html"
          },
          {
            "name": "https://struts.apache.org/docs/s2-052.html",
            "refsource": "CONFIRM",
            "url": "https://struts.apache.org/docs/s2-052.html"
          },
          {
            "name": "1039263",
            "refsource": "SECTRACK",
            "url": "http://www.securitytracker.com/id/1039263"
          },
          {
            "name": "100609",
            "refsource": "BID",
            "url": "http://www.securityfocus.com/bid/100609"
          },
          {
            "name": "20170907 Multiple Vulnerabilities in Apache Struts 2 Affecting Cisco Products: September 2017",
            "refsource": "CISCO",
            "url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170907-struts2"
          },
          {
            "name": "https://bugzilla.redhat.com/show_bug.cgi?id=1488482",
            "refsource": "CONFIRM",
            "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1488482"
          },
          {
            "name": "https://blogs.apache.org/foundation/entry/apache-struts-statement-on-equifax",
            "refsource": "CONFIRM",
            "url": "https://blogs.apache.org/foundation/entry/apache-struts-statement-on-equifax"
          },
          {
            "name": "42627",
            "refsource": "EXPLOIT-DB",
            "url": "https://www.exploit-db.com/exploits/42627/"
          },
          {
            "name": "https://lgtm.com/blog/apache_struts_CVE-2017-9805",
            "refsource": "MISC",
            "url": "https://lgtm.com/blog/apache_struts_CVE-2017-9805"
          },
          {
            "name": "https://cwiki.apache.org/confluence/display/WW/S2-052",
            "refsource": "CONFIRM",
            "url": "https://cwiki.apache.org/confluence/display/WW/S2-052"
          },
          {
            "name": "https://security.netapp.com/advisory/ntap-20170907-0001/",
            "refsource": "CONFIRM",
            "url": "https://security.netapp.com/advisory/ntap-20170907-0001/"
          },
          {
            "name": "VU#112992",
            "refsource": "CERT-VN",
            "url": "https://www.kb.cert.org/vuls/id/112992"
          }
        ]
      }
    },
    "gitlab.com": {
      "advisories": [
        {
          "affected_range": "[2.5-alpha0,2.5.12],[2.1.2,2.2-alpha0),[2.2.1,2.3-alpha0),[2.3-alpha0,2.3.33]",
          "affected_versions": "All versions starting from 2.5-alpha0 up to 2.5.12, all versions starting from 2.1.2 before 2.2-alpha0, all versions starting from 2.2.1 before 2.3-alpha0, all versions starting from 2.3-alpha0 up to 2.3.33",
          "cvss_v2": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
          "cvss_v3": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H",
          "cwe_ids": [
            "CWE-1035",
            "CWE-502",
            "CWE-937"
          ],
          "date": "2019-08-12",
          "description": "The REST Plugin in this package uses an `XStreamHandler` with an instance of `XStream` for deserialization without any type filtering, which can lead to Remote Code Execution when deserializing XML payloads.",
          "fixed_versions": [
            "2.3.34",
            "2.5.13"
          ],
          "identifier": "CVE-2017-9805",
          "identifiers": [
            "CVE-2017-9805"
          ],
          "not_impacted": "All versions before 2.5-alpha0, all versions after 2.5.12, all versions before 2.1.2, all versions starting from 2.3-alpha0",
          "package_slug": "maven/org.apache.struts/struts2-core",
          "pubdate": "2017-09-15",
          "solution": "Upgrade to versions 2.3.34, 2.5.13 or above.",
          "title": "RCE attack via REST plugin with XStream handler to deserialise XML requests",
          "urls": [
            "https://access.redhat.com/security/cve/CVE-2017-9805",
            "https://struts.apache.org/docs/s2-052.html"
          ],
          "uuid": "89b5fb8d-fe43-4eff-a831-d7fb71c039f0"
        },
        {
          "affected_range": "[2.1.2,2.1.6],[2.1.8,2.1.8.1],[2.2.1,2.2.1.1],[2.2.3,2.2.3.1], [2.3.1,2.3.1.2],[2.3.3,2.3.4.1],[2.3.7,2.3.8],[2.3.12],[2.3.14,2.3.14.3], [2.3.15,2.3.15.3],[2.3.16,2.3.16.3],[2.3.20,2.3.20.1],[2.3.20.3], [2.3.24,2.3.24.1],[2.3.24.3],[2.3.28,2.3.28.1],[2.3.29,2.3.33], [2.5.1,2.5.10.1],[2.5.11,2.5.12]",
          "affected_versions": "All versions starting from 2.1.2 up to 2.1.6, all versions starting from 2.1.8 up to 2.1.8.1, all versions starting from 2.2.1 up to 2.2.1.1, all versions starting from 2.2.3 up to 2.2.3.1, all versions starting from 2.3.1 up to 2.3.1.2, all versions starting from 2.3.3 up to 2.3.4.1, all versions starting from 2.3.7 up to 2.3.8, version 2.3.12, all versions starting from 2.3.14 up to 2.3.14.3, all versions starting from 2.3.15 up to 2.3.15.3, all versions starting from 2.3.16 up to 2.3.16.3, all versions starting from 2.3.20 up to 2.3.20.1, version 2.3.20.3, all versions starting from 2.3.24 up to 2.3.24.1, version 2.3.24.3, all versions starting from 2.3.28 up to 2.3.28.1, all versions starting from 2.3.29 up to 2.3.33, all versions starting from 2.5.1 up to 2.5.10.1, all versions starting from 2.5.11 up to 2.5.12",
          "cvss_v2": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
          "cvss_v3": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H",
          "cwe_ids": [
            "CWE-1035",
            "CWE-502",
            "CWE-937"
          ],
          "date": "2019-08-12",
          "description": "The REST Plugin in Apache Struts uses an `XStreamHandler` with an instance of XStream for deserialization without any type filtering, which can lead to Remote Code Execution when deserializing XML payloads.",
          "fixed_versions": [
            "2.3.34",
            "2.5.13"
          ],
          "identifier": "CVE-2017-9805",
          "identifiers": [
            "CVE-2017-9805"
          ],
          "not_impacted": "All versions before 2.1.2, all versions after 2.1.6 before 2.1.8, all versions after 2.1.8.1 before 2.2.1, all versions after 2.2.1.1 before 2.2.3, all versions after 2.2.3.1 before 2.3.1, all versions after 2.3.1.2 before 2.3.3, all versions after 2.3.4.1 before 2.3.7, all versions after 2.3.8 before 2.3.12, all versions after 2.3.12 before 2.3.14, all versions after 2.3.14.3 before 2.3.15, all versions after 2.3.15.3 before 2.3.16, all versions after 2.3.16.3 before 2.3.20, all versions after 2.3.20.1 before 2.3.20.3, all versions after 2.3.20.3 before 2.3.24, all versions after 2.3.24.1 before 2.3.24.3, all versions after 2.3.24.3 before 2.3.28, all versions after 2.3.28.1 before 2.3.29, all versions after 2.3.33 before 2.5.1, all versions after 2.5.10.1 before 2.5.11, all versions after 2.5.12",
          "package_slug": "maven/org.apache.struts/struts2-rest-plugin",
          "pubdate": "2017-09-15",
          "solution": "Upgrade to versions 2.3.34, 2.5.13 or above.",
          "title": "Deserialization of Untrusted Data",
          "urls": [
            "https://nvd.nist.gov/vuln/detail/CVE-2017-9805",
            "http://www.securityfocus.com/bid/100609",
            "http://www.securitytracker.com/id/1039263",
            "https://blogs.apache.org/foundation/entry/apache-struts-statement-on-equifax",
            "https://bugzilla.redhat.com/show_bug.cgi?id=1488482",
            "https://cwiki.apache.org/confluence/display/WW/S2-052",
            "https://struts.apache.org/docs/s2-052.html",
            "https://www.exploit-db.com/exploits/42627/"
          ],
          "uuid": "4d4b5841-2f2e-411e-b972-7d0756646621"
        }
      ]
    },
    "nvd.nist.gov": {
      "configurations": {
        "CVE_data_version": "4.0",
        "nodes": [
          {
            "children": [],
            "cpe_match": [
              {
                "cpe23Uri": "cpe:2.3:a:apache:struts:2.1.8:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:apache:struts:2.1.8.1:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:apache:struts:2.3.1.2:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:apache:struts:2.3.3:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:apache:struts:2.3.14.2:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:apache:struts:2.3.14.3:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:apache:struts:2.3.16.2:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:apache:struts:2.3.16.3:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:apache:struts:2.3.28:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:apache:struts:2.3.28.1:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:apache:struts:2.5.3:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:apache:struts:2.5.4:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:apache:struts:2.5.10.1:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:apache:struts:2.5.11:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:apache:struts:2.1.2:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:apache:struts:2.2.1:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:apache:struts:2.2.1.1:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:apache:struts:2.3.4:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:apache:struts:2.3.4.1:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:apache:struts:2.3.15:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:apache:struts:2.3.15.1:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:apache:struts:2.3.20:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:apache:struts:2.3.20.1:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:apache:struts:2.3.29:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:apache:struts:2.3.30:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:apache:struts:2.5.5:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:apache:struts:2.5.6:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:apache:struts:2.5.12:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:apache:struts:2.1.5:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:apache:struts:2.1.6:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:apache:struts:2.3.1:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:apache:struts:2.3.1.1:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:apache:struts:2.3.12:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:apache:struts:2.3.14:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:apache:struts:2.3.14.1:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:apache:struts:2.3.16:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:apache:struts:2.3.16.1:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:apache:struts:2.3.24.1:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:apache:struts:2.3.24.3:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:apache:struts:2.3.33:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:apache:struts:2.5.1:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:apache:struts:2.5.2:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:apache:struts:2.5.9:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:apache:struts:2.5.10:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:apache:struts:2.1.3:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:apache:struts:2.1.4:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:apache:struts:2.2.3:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:apache:struts:2.2.3.1:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:apache:struts:2.3.7:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:apache:struts:2.3.8:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:apache:struts:2.3.15.2:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:apache:struts:2.3.15.3:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:apache:struts:2.3.20.3:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:apache:struts:2.3.24:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:apache:struts:2.3.31:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:apache:struts:2.3.32:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:apache:struts:2.5.7:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:apache:struts:2.5.8:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              }
            ],
            "operator": "OR"
          }
        ]
      },
      "cve": {
        "CVE_data_meta": {
          "ASSIGNER": "security@apache.org",
          "ID": "CVE-2017-9805"
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "en",
              "value": "The REST Plugin in Apache Struts 2.1.1 through 2.3.x before 2.3.34 and 2.5.x before 2.5.13 uses an XStreamHandler with an instance of XStream for deserialization without any type filtering, which can lead to Remote Code Execution when deserializing XML payloads."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "en",
                  "value": "CWE-502"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "https://struts.apache.org/docs/s2-052.html",
              "refsource": "CONFIRM",
              "tags": [
                "Vendor Advisory"
              ],
              "url": "https://struts.apache.org/docs/s2-052.html"
            },
            {
              "name": "https://cwiki.apache.org/confluence/display/WW/S2-052",
              "refsource": "CONFIRM",
              "tags": [
                "Mitigation",
                "Vendor Advisory"
              ],
              "url": "https://cwiki.apache.org/confluence/display/WW/S2-052"
            },
            {
              "name": "https://bugzilla.redhat.com/show_bug.cgi?id=1488482",
              "refsource": "CONFIRM",
              "tags": [
                "Issue Tracking",
                "Third Party Advisory",
                "VDB Entry"
              ],
              "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1488482"
            },
            {
              "name": "https://blogs.apache.org/foundation/entry/apache-struts-statement-on-equifax",
              "refsource": "CONFIRM",
              "tags": [
                "Vendor Advisory"
              ],
              "url": "https://blogs.apache.org/foundation/entry/apache-struts-statement-on-equifax"
            },
            {
              "name": "42627",
              "refsource": "EXPLOIT-DB",
              "tags": [
                "Third Party Advisory",
                "VDB Entry"
              ],
              "url": "https://www.exploit-db.com/exploits/42627/"
            },
            {
              "name": "1039263",
              "refsource": "SECTRACK",
              "tags": [
                "Third Party Advisory",
                "VDB Entry"
              ],
              "url": "http://www.securitytracker.com/id/1039263"
            },
            {
              "name": "100609",
              "refsource": "BID",
              "tags": [
                "Third Party Advisory",
                "VDB Entry"
              ],
              "url": "http://www.securityfocus.com/bid/100609"
            },
            {
              "name": "20170907 Multiple Vulnerabilities in Apache Struts 2 Affecting Cisco Products: September 2017",
              "refsource": "CISCO",
              "tags": [
                "Third Party Advisory"
              ],
              "url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170907-struts2"
            },
            {
              "name": "http://www.oracle.com/technetwork/security-advisory/alert-cve-2017-9805-3889403.html",
              "refsource": "CONFIRM",
              "tags": [
                "Third Party Advisory"
              ],
              "url": "http://www.oracle.com/technetwork/security-advisory/alert-cve-2017-9805-3889403.html"
            },
            {
              "name": "VU#112992",
              "refsource": "CERT-VN",
              "tags": [],
              "url": "https://www.kb.cert.org/vuls/id/112992"
            },
            {
              "name": "https://lgtm.com/blog/apache_struts_CVE-2017-9805",
              "refsource": "MISC",
              "tags": [],
              "url": "https://lgtm.com/blog/apache_struts_CVE-2017-9805"
            },
            {
              "name": "https://security.netapp.com/advisory/ntap-20170907-0001/",
              "refsource": "CONFIRM",
              "tags": [],
              "url": "https://security.netapp.com/advisory/ntap-20170907-0001/"
            }
          ]
        }
      },
      "impact": {
        "baseMetricV2": {
          "cvssV2": {
            "accessComplexity": "MEDIUM",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "availabilityImpact": "PARTIAL",
            "baseScore": 6.8,
            "confidentialityImpact": "PARTIAL",
            "integrityImpact": "PARTIAL",
            "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
            "version": "2.0"
          },
          "exploitabilityScore": 8.6,
          "impactScore": 6.4,
          "obtainAllPrivilege": false,
          "obtainOtherPrivilege": false,
          "obtainUserPrivilege": false,
          "severity": "MEDIUM",
          "userInteractionRequired": false
        },
        "baseMetricV3": {
          "cvssV3": {
            "attackComplexity": "HIGH",
            "attackVector": "NETWORK",
            "availabilityImpact": "HIGH",
            "baseScore": 8.1,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "HIGH",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H",
            "version": "3.0"
          },
          "exploitabilityScore": 2.2,
          "impactScore": 5.9
        }
      },
      "lastModifiedDate": "2019-08-12T21:15Z",
      "publishedDate": "2017-09-15T19:29Z"
    }
  }
}

GHSA-GG9M-FJ3V-R58C

Vulnerability from github – Published: 2018-10-16 19:37 – Updated: 2025-10-22 17:31

Summary

REST Plugin in Apache Struts uses an XStreamHandler with an instance of XStream for deserialization without any type filtering

Details

Severity ?

8.1 (High)


                  
                    CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:H

Show details on source website

JSON

To clipboard

{
  "affected": [
    {
      "package": {
        "ecosystem": "Maven",
        "name": "org.apache.struts:struts2-rest-plugin"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "2.1.1"
            },
            {
              "fixed": "2.3.34"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    },
    {
      "package": {
        "ecosystem": "Maven",
        "name": "org.apache.struts:struts2-rest-plugin"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "2.5.0"
            },
            {
              "fixed": "2.5.13"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    }
  ],
  "aliases": [
    "CVE-2017-9805"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-502"
    ],
    "github_reviewed": true,
    "github_reviewed_at": "2020-06-16T21:37:16Z",
    "nvd_published_at": "2017-09-15T19:29:00Z",
    "severity": "HIGH"
  },
  "details": "The REST Plugin in Apache Struts 2.1.1 through 2.3.x before 2.3.34 and 2.5.x before 2.5.13 uses an XStreamHandler with an instance of XStream for deserialization without any type filtering, which can lead to Remote Code Execution when deserializing XML payloads.",
  "id": "GHSA-gg9m-fj3v-r58c",
  "modified": "2025-10-22T17:31:31Z",
  "published": "2018-10-16T19:37:56Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2017-9805"
    },
    {
      "type": "WEB",
      "url": "https://github.com/apache/struts/commit/19494718865f2fb7da5ea363de3822f87fbda26"
    },
    {
      "type": "WEB",
      "url": "https://github.com/apache/struts/commit/6dd6e5cfb7b5e020abffe7e8091bd63fe97c10a"
    },
    {
      "type": "WEB",
      "url": "https://blogs.apache.org/foundation/entry/apache-struts-statement-on-equifax"
    },
    {
      "type": "WEB",
      "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1488482"
    },
    {
      "type": "WEB",
      "url": "https://cwiki.apache.org/confluence/display/WW/S2-052"
    },
    {
      "type": "PACKAGE",
      "url": "https://github.com/apache/struts"
    },
    {
      "type": "WEB",
      "url": "https://lgtm.com/blog/apache_struts_CVE-2017-9805"
    },
    {
      "type": "WEB",
      "url": "https://security.netapp.com/advisory/ntap-20170907-0001"
    },
    {
      "type": "WEB",
      "url": "https://struts.apache.org/docs/s2-052.html"
    },
    {
      "type": "WEB",
      "url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170907-struts2"
    },
    {
      "type": "WEB",
      "url": "https://web.archive.org/web/20170909031344/http://www.securityfocus.com/bid/100609"
    },
    {
      "type": "WEB",
      "url": "https://web.archive.org/web/20170922053119/http://www.securitytracker.com/id/1039263"
    },
    {
      "type": "WEB",
      "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2017-9805"
    },
    {
      "type": "WEB",
      "url": "https://www.exploit-db.com/exploits/42627"
    },
    {
      "type": "WEB",
      "url": "https://www.kb.cert.org/vuls/id/112992"
    },
    {
      "type": "WEB",
      "url": "http://www.oracle.com/technetwork/security-advisory/alert-cve-2017-9805-3889403.html"
    },
    {
      "type": "WEB",
      "url": "http://www.securityfocus.com/bid/100609"
    },
    {
      "type": "WEB",
      "url": "http://www.securitytracker.com/id/1039263"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:H",
      "type": "CVSS_V3"
    }
  ],
  "summary": "REST Plugin in Apache Struts uses an XStreamHandler with an instance of XStream for deserialization without any type filtering"
}

CNVD-2017-25267

Vulnerability from cnvd - Published: 2017-09-06

Title

Apache Struts2 REST插件远程代码执行漏洞

Description

Struts2 是Apache软件基金会负责维护的一个基于MVC设计模式的Web应用框架开源项目。 Apache Struts2 REST插件存在远程代码执行漏洞，由于使用XStream组件对XML格式的数据包进行反序列化操作时，未对数据内容进行有效验证，导致攻击者可构造恶意的XML内容执行任意代码。

Severity

高

Patch Name

Apache Struts2 REST插件远程代码执行漏洞的补丁

Patch Description

Struts2 是Apache软件基金会负责维护的一个基于MVC设计模式的Web应用框架开源项目。 Apache Struts2 REST插件存在远程代码执行漏洞，由于使用XStream组件对XML格式的数据包进行反序列化操作时，未对数据内容进行有效验证，导致攻击者可构造恶意的XML内容执行任意代码。目前，供应商发布了安全公告及相关补丁信息，修复了此漏洞。

Formal description

升级到Struts 2.5.13版本，补丁下载地址： https://cwiki.apache.org/confluence/display/WW/Version+Notes+2.5.13

Reference

https://cwiki.apache.org/confluence/display/WW/S2-052

Impacted products

Name
Apache Struts2 >=2.5，<=2.5.12

Show details on source website

JSON

To clipboard

{
  "cves": {
    "cve": {
      "cveNumber": "CVE-2017-9805"
    }
  },
  "description": "Struts2 \u662fApache\u8f6f\u4ef6\u57fa\u91d1\u4f1a\u8d1f\u8d23\u7ef4\u62a4\u7684\u4e00\u4e2a\u57fa\u4e8eMVC\u8bbe\u8ba1\u6a21\u5f0f\u7684Web\u5e94\u7528\u6846\u67b6\u5f00\u6e90\u9879\u76ee\u3002\r\n\r\nApache Struts2 REST\u63d2\u4ef6\u5b58\u5728\u8fdc\u7a0b\u4ee3\u7801\u6267\u884c\u6f0f\u6d1e\uff0c\u7531\u4e8e\u4f7f\u7528XStream\u7ec4\u4ef6\u5bf9XML\u683c\u5f0f\u7684\u6570\u636e\u5305\u8fdb\u884c\u53cd\u5e8f\u5217\u5316\u64cd\u4f5c\u65f6\uff0c\u672a\u5bf9\u6570\u636e\u5185\u5bb9\u8fdb\u884c\u6709\u6548\u9a8c\u8bc1\uff0c\u5bfc\u81f4\u653b\u51fb\u8005\u53ef\u6784\u9020\u6076\u610f\u7684XML\u5185\u5bb9\u6267\u884c\u4efb\u610f\u4ee3\u7801\u3002",
  "discovererName": "Man Yue Mo",
  "formalWay": "\u5347\u7ea7\u5230Struts 2.5.13\u7248\u672c\uff0c\u8865\u4e01\u4e0b\u8f7d\u5730\u5740\uff1a\r\nhttps://cwiki.apache.org/confluence/display/WW/Version+Notes+2.5.13",
  "isEvent": "\u901a\u7528\u8f6f\u786c\u4ef6\u6f0f\u6d1e",
  "number": "CNVD-2017-25267",
  "openTime": "2017-09-06",
  "patchDescription": "Struts2 \u662fApache\u8f6f\u4ef6\u57fa\u91d1\u4f1a\u8d1f\u8d23\u7ef4\u62a4\u7684\u4e00\u4e2a\u57fa\u4e8eMVC\u8bbe\u8ba1\u6a21\u5f0f\u7684Web\u5e94\u7528\u6846\u67b6\u5f00\u6e90\u9879\u76ee\u3002\r\n\r\nApache Struts2 REST\u63d2\u4ef6\u5b58\u5728\u8fdc\u7a0b\u4ee3\u7801\u6267\u884c\u6f0f\u6d1e\uff0c\u7531\u4e8e\u4f7f\u7528XStream\u7ec4\u4ef6\u5bf9XML\u683c\u5f0f\u7684\u6570\u636e\u5305\u8fdb\u884c\u53cd\u5e8f\u5217\u5316\u64cd\u4f5c\u65f6\uff0c\u672a\u5bf9\u6570\u636e\u5185\u5bb9\u8fdb\u884c\u6709\u6548\u9a8c\u8bc1\uff0c\u5bfc\u81f4\u653b\u51fb\u8005\u53ef\u6784\u9020\u6076\u610f\u7684XML\u5185\u5bb9\u6267\u884c\u4efb\u610f\u4ee3\u7801\u3002\u76ee\u524d\uff0c\u4f9b\u5e94\u5546\u53d1\u5e03\u4e86\u5b89\u5168\u516c\u544a\u53ca\u76f8\u5173\u8865\u4e01\u4fe1\u606f\uff0c\u4fee\u590d\u4e86\u6b64\u6f0f\u6d1e\u3002",
  "patchName": "Apache Struts2 REST\u63d2\u4ef6\u8fdc\u7a0b\u4ee3\u7801\u6267\u884c\u6f0f\u6d1e\u7684\u8865\u4e01",
  "products": {
    "product": "Apache Struts2 \u003e=2.5\uff0c\u003c=2.5.12"
  },
  "referenceLink": "https://cwiki.apache.org/confluence/display/WW/S2-052",
  "serverity": "\u9ad8",
  "submitTime": "2017-09-06",
  "title": "Apache Struts2 REST\u63d2\u4ef6\u8fdc\u7a0b\u4ee3\u7801\u6267\u884c\u6f0f\u6d1e"
}

FKIE_CVE-2017-9805

Vulnerability from fkie_nvd - Published: 2017-09-15 19:29 - Updated: 2025-10-22 00:16

Severity ?

8.1 (High) - CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H
8.1 (High) - CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H

Summary

References

URL	Tags
security@apache.org	http://www.oracle.com/technetwork/security-advisory/alert-cve-2017-9805-3889403.html	Patch, Third Party Advisory
security@apache.org	http://www.securityfocus.com/bid/100609	Broken Link, Third Party Advisory, VDB Entry
security@apache.org	http://www.securitytracker.com/id/1039263	Broken Link, Third Party Advisory, VDB Entry
security@apache.org	https://blogs.apache.org/foundation/entry/apache-struts-statement-on-equifax	Vendor Advisory
security@apache.org	https://bugzilla.redhat.com/show_bug.cgi?id=1488482	Issue Tracking, Third Party Advisory, VDB Entry
security@apache.org	https://cwiki.apache.org/confluence/display/WW/S2-052	Mitigation, Vendor Advisory
security@apache.org	https://lgtm.com/blog/apache_struts_CVE-2017-9805	Broken Link
security@apache.org	https://security.netapp.com/advisory/ntap-20170907-0001/	Third Party Advisory
security@apache.org	https://struts.apache.org/docs/s2-052.html	Mitigation, Vendor Advisory
security@apache.org	https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170907-struts2	Third Party Advisory
security@apache.org	https://www.exploit-db.com/exploits/42627/	Exploit, Third Party Advisory, VDB Entry
security@apache.org	https://www.kb.cert.org/vuls/id/112992	Third Party Advisory, US Government Resource
af854a3a-2127-422b-91ae-364da2661108	http://www.oracle.com/technetwork/security-advisory/alert-cve-2017-9805-3889403.html	Patch, Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108	http://www.securityfocus.com/bid/100609	Broken Link, Third Party Advisory, VDB Entry
af854a3a-2127-422b-91ae-364da2661108	http://www.securitytracker.com/id/1039263	Broken Link, Third Party Advisory, VDB Entry
af854a3a-2127-422b-91ae-364da2661108	https://blogs.apache.org/foundation/entry/apache-struts-statement-on-equifax	Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108	https://bugzilla.redhat.com/show_bug.cgi?id=1488482	Issue Tracking, Third Party Advisory, VDB Entry
af854a3a-2127-422b-91ae-364da2661108	https://cwiki.apache.org/confluence/display/WW/S2-052	Mitigation, Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108	https://lgtm.com/blog/apache_struts_CVE-2017-9805	Broken Link
af854a3a-2127-422b-91ae-364da2661108	https://security.netapp.com/advisory/ntap-20170907-0001/	Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108	https://struts.apache.org/docs/s2-052.html	Mitigation, Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108	https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170907-struts2	Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108	https://www.exploit-db.com/exploits/42627/	Exploit, Third Party Advisory, VDB Entry
af854a3a-2127-422b-91ae-364da2661108	https://www.kb.cert.org/vuls/id/112992	Third Party Advisory, US Government Resource
134c704f-9b21-4f2e-91b3-4a467353bcc0	https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2017-9805

Impacted products

Vendor	Product	Version
apache	struts	*
apache	struts	*
cisco	digital_media_manager	-
cisco	hosted_collaboration_solution	10.5\(1\)
cisco	hosted_collaboration_solution	11.0\(1\)
cisco	hosted_collaboration_solution	11.5\(1\)
cisco	hosted_collaboration_solution	11.6\(1\)
cisco	media_experience_engine	3.5
cisco	media_experience_engine	3.5.2
cisco	network_performance_analysis	-
cisco	video_distribution_suite_for_internet_streaming	-
netapp	oncommand_balance	-

JSON

To clipboard

{
  "cisaActionDue": "2022-05-03",
  "cisaExploitAdd": "2021-11-03",
  "cisaRequiredAction": "Apply updates per vendor instructions.",
  "cisaVulnerabilityName": "Apache Struts Deserialization of Untrusted Data Vulnerability",
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:apache:struts:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "13744BE3-2443-4640-BDB4-722C4D393B65",
              "versionEndExcluding": "2.3.34",
              "versionStartIncluding": "2.1.2",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:apache:struts:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "6B45E858-E783-4D6E-AFD3-97E9963EB05B",
              "versionEndExcluding": "2.5.13",
              "versionStartIncluding": "2.5.0",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:cisco:digital_media_manager:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "E0B1E953-33EF-498D-AB75-4A0A7733BC54",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:cisco:hosted_collaboration_solution:10.5\\(1\\):*:*:*:*:*:*:*",
              "matchCriteriaId": "CF4C9089-0F27-4C66-8E12-2BCAC148B7C9",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:cisco:hosted_collaboration_solution:11.0\\(1\\):*:*:*:*:*:*:*",
              "matchCriteriaId": "7FCC3E9D-4D39-4530-A5FC-7E9A4E395D60",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:cisco:hosted_collaboration_solution:11.5\\(1\\):*:*:*:*:*:*:*",
              "matchCriteriaId": "F972A2A1-3002-4086-8FA2-F231D4ED0B00",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:cisco:hosted_collaboration_solution:11.6\\(1\\):*:*:*:*:*:*:*",
              "matchCriteriaId": "D52C5D91-33D1-4C90-BEC9-90D955AA5883",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:cisco:media_experience_engine:3.5:*:*:*:*:*:*:*",
              "matchCriteriaId": "93C3A3B2-B346-47F4-B987-0098AB95F939",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:cisco:media_experience_engine:3.5.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "87CCEC7F-058D-4202-88B3-F06372DFFA99",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:cisco:network_performance_analysis:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "76D400A4-9918-494E-89B7-EAA57B2830D2",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:cisco:video_distribution_suite_for_internet_streaming:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "912F9C5E-AA5F-4746-AC49-D33C2495C73B",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:netapp:oncommand_balance:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "7DCBCC5D-C396-47A8-ADF4-D3A2C4377FB1",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "The REST Plugin in Apache Struts 2.1.1 through 2.3.x before 2.3.34 and 2.5.x before 2.5.13 uses an XStreamHandler with an instance of XStream for deserialization without any type filtering, which can lead to Remote Code Execution when deserializing XML payloads."
    },
    {
      "lang": "es",
      "value": "El Plugin REST en Apache Struts versiones 2.1.1 hasta 2.3.x anteriores a 2.3.34 y versiones 2.5.x anteriores a 2.5.13, usa una XStreamHandler con una instancia de XStream para deserializaci\u00f3n sin ning\u00fan filtrado de tipos, lo que puede conllevar a una ejecuci\u00f3n de c\u00f3digo remota cuando se deserializan cargas XML."
    }
  ],
  "id": "CVE-2017-9805",
  "lastModified": "2025-10-22T00:16:12.827",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "MEDIUM",
        "cvssData": {
          "accessComplexity": "MEDIUM",
          "accessVector": "NETWORK",
          "authentication": "NONE",
          "availabilityImpact": "PARTIAL",
          "baseScore": 6.8,
          "confidentialityImpact": "PARTIAL",
          "integrityImpact": "PARTIAL",
          "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
          "version": "2.0"
        },
        "exploitabilityScore": 8.6,
        "impactScore": 6.4,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": false
      }
    ],
    "cvssMetricV31": [
      {
        "cvssData": {
          "attackComplexity": "HIGH",
          "attackVector": "NETWORK",
          "availabilityImpact": "HIGH",
          "baseScore": 8.1,
          "baseSeverity": "HIGH",
          "confidentialityImpact": "HIGH",
          "integrityImpact": "HIGH",
          "privilegesRequired": "NONE",
          "scope": "UNCHANGED",
          "userInteraction": "NONE",
          "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H",
          "version": "3.1"
        },
        "exploitabilityScore": 2.2,
        "impactScore": 5.9,
        "source": "nvd@nist.gov",
        "type": "Primary"
      },
      {
        "cvssData": {
          "attackComplexity": "HIGH",
          "attackVector": "NETWORK",
          "availabilityImpact": "HIGH",
          "baseScore": 8.1,
          "baseSeverity": "HIGH",
          "confidentialityImpact": "HIGH",
          "integrityImpact": "HIGH",
          "privilegesRequired": "NONE",
          "scope": "UNCHANGED",
          "userInteraction": "NONE",
          "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H",
          "version": "3.1"
        },
        "exploitabilityScore": 2.2,
        "impactScore": 5.9,
        "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
        "type": "Secondary"
      }
    ]
  },
  "published": "2017-09-15T19:29:00.237",
  "references": [
    {
      "source": "security@apache.org",
      "tags": [
        "Patch",
        "Third Party Advisory"
      ],
      "url": "http://www.oracle.com/technetwork/security-advisory/alert-cve-2017-9805-3889403.html"
    },
    {
      "source": "security@apache.org",
      "tags": [
        "Broken Link",
        "Third Party Advisory",
        "VDB Entry"
      ],
      "url": "http://www.securityfocus.com/bid/100609"
    },
    {
      "source": "security@apache.org",
      "tags": [
        "Broken Link",
        "Third Party Advisory",
        "VDB Entry"
      ],
      "url": "http://www.securitytracker.com/id/1039263"
    },
    {
      "source": "security@apache.org",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "https://blogs.apache.org/foundation/entry/apache-struts-statement-on-equifax"
    },
    {
      "source": "security@apache.org",
      "tags": [
        "Issue Tracking",
        "Third Party Advisory",
        "VDB Entry"
      ],
      "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1488482"
    },
    {
      "source": "security@apache.org",
      "tags": [
        "Mitigation",
        "Vendor Advisory"
      ],
      "url": "https://cwiki.apache.org/confluence/display/WW/S2-052"
    },
    {
      "source": "security@apache.org",
      "tags": [
        "Broken Link"
      ],
      "url": "https://lgtm.com/blog/apache_struts_CVE-2017-9805"
    },
    {
      "source": "security@apache.org",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://security.netapp.com/advisory/ntap-20170907-0001/"
    },
    {
      "source": "security@apache.org",
      "tags": [
        "Mitigation",
        "Vendor Advisory"
      ],
      "url": "https://struts.apache.org/docs/s2-052.html"
    },
    {
      "source": "security@apache.org",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170907-struts2"
    },
    {
      "source": "security@apache.org",
      "tags": [
        "Exploit",
        "Third Party Advisory",
        "VDB Entry"
      ],
      "url": "https://www.exploit-db.com/exploits/42627/"
    },
    {
      "source": "security@apache.org",
      "tags": [
        "Third Party Advisory",
        "US Government Resource"
      ],
      "url": "https://www.kb.cert.org/vuls/id/112992"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Patch",
        "Third Party Advisory"
      ],
      "url": "http://www.oracle.com/technetwork/security-advisory/alert-cve-2017-9805-3889403.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Broken Link",
        "Third Party Advisory",
        "VDB Entry"
      ],
      "url": "http://www.securityfocus.com/bid/100609"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Broken Link",
        "Third Party Advisory",
        "VDB Entry"
      ],
      "url": "http://www.securitytracker.com/id/1039263"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "https://blogs.apache.org/foundation/entry/apache-struts-statement-on-equifax"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Issue Tracking",
        "Third Party Advisory",
        "VDB Entry"
      ],
      "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1488482"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Mitigation",
        "Vendor Advisory"
      ],
      "url": "https://cwiki.apache.org/confluence/display/WW/S2-052"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Broken Link"
      ],
      "url": "https://lgtm.com/blog/apache_struts_CVE-2017-9805"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://security.netapp.com/advisory/ntap-20170907-0001/"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Mitigation",
        "Vendor Advisory"
      ],
      "url": "https://struts.apache.org/docs/s2-052.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170907-struts2"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Exploit",
        "Third Party Advisory",
        "VDB Entry"
      ],
      "url": "https://www.exploit-db.com/exploits/42627/"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory",
        "US Government Resource"
      ],
      "url": "https://www.kb.cert.org/vuls/id/112992"
    },
    {
      "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
      "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2017-9805"
    }
  ],
  "sourceIdentifier": "security@apache.org",
  "vulnStatus": "Deferred",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-502"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    },
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-502"
        }
      ],
      "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
      "type": "Secondary"
    }
  ]
}

CERTFR-2017-AVI-285

Vulnerability from certfr_avis - Published: 2017-09-06 - Updated: 2017-09-06

Une vulnérabilité a été corrigée dans Apache Struts. Elle permet à un attaquant de provoquer une exécution de code arbitraire à distance.

Solution

Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).

Apache Struts versions antérieures à 2.5.13

Impacted products

	Vendor	Product	Description

References

Title

Publication Time

Sightings

Author	Source	Type	Date

Nomenclature

Seen: The vulnerability was mentioned, discussed, or observed by the user.
Confirmed: The vulnerability has been validated from an analyst's perspective.
Published Proof of Concept: A public proof of concept is available for this vulnerability.
Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
Not confirmed: The user expressed doubt about the validity of the vulnerability.
Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.

Detection rules are retrieved from Rulezet.

Action not permitted

CVE-2017-9805 (GCVE-0-2017-9805)

GSD-2017-9805

GHSA-GG9M-FJ3V-R58C

CNVD-2017-25267

FKIE_CVE-2017-9805

CERTFR-2017-AVI-285

Solution

Tags

Sightings

Nomenclature