CVE ID
CVE-2017-9805
Vulnerability Name
Apache Struts Deserialization of Untrusted Data Vulnerability
- Project: Apache
- Product: Struts
Date
- Date Added: 2021-11-03
- Due Date: 2022-05-03
Description
Apache Struts REST Plugin uses an XStreamHandler with an instance of XStream for deserialization without any type filtering, which can lead to remote code execution when deserializing XML payloads.
Known To Be Used in Ransomware Campaigns?
Unknown
Action
Apply updates per vendor instructions.
Additional Notes
https://nvd.nist.gov/vuln/detail/CVE-2017-9805
Related Security News
- From Log4j to IIS, China's Hackers Turn Legacy Bugs into Global Espionage Tools
- China-Linked Hackers Exploit SAP and SQL Server Flaws in Attacks Across Asia and Brazil
Top comments (0)