CVE-2017-9787

8 documents, 6 sources
Severity: 7.5 HIGH
EPSS: 8.2% (top 7.78%)
CISA KEV: Not in KEV
Exploit: No known exploits
Timeline: Published Jul 13 | Latest update Oct 16

Description

When using a Spring AOP functionality to secure Struts actions it is possible to perform a DoS attack. Solution is to upgrade to Apache Struts version 2.5.12 or 2.3.33.

CVSS vector

CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
Exploitability: 3.9 | Impact: 3.6

Affected Packages (3 packages)

Maven | org.apache.struts:struts2-core | 2.3.7 | 2.3.33 | +1
NVD | apache/struts | 53 versions | +52
CVEListV5 | apache_software_foundation/apache_struts | 2.3.x prior to 2.3.33, 2.5 to 2.5.10.1 | +1

🔴 Vulnerability Details (3)

OSV | Spring AOP functionality (Struts) vulnerable to DoS attack | 2018-10-16
GHSA | Spring AOP functionality (Struts) vulnerable to DoS attack | 2018-10-16
CVEList | CVE-2017-9787: When using a Spring AOP functionality to secure Struts actions it is possible to perform a DoS attack | 2017-07-13

📋 Vendor Advisories (1)

Red Hat | struts: Denial of service when using a Spring AOP functionality | 2017-08-11

💬 Community (3)

Bugzilla | CVE-2017-9787 struts: Denial of service when using a Spring AOP functionality [epel-7] | 2017-08-11
Bugzilla | CVE-2017-9787 struts: Denial of service when using a Spring AOP functionality [fedora-all] | 2017-08-11
Bugzilla | CVE-2017-9787 struts: Denial of service when using a Spring AOP functionality | 2017-08-11