CVE-2017-9793

Severity: 7.5 HIGH
EPSS: 7.9% (top 7.94%)
CISA KEV: Not in KEV
Exploit: No known exploits
Timeline: Published Sep 20; Latest update Oct 16

Description

The REST Plugin in Apache Struts 2.1.x, 2.3.7 through 2.3.33 and 2.5 through 2.5.12 uses an outdated XStream library which is vulnerable and allows a DoS attack using a malicious request with a specially crafted XML payload.

CVSS vector

CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
Exploitability: 3.9 | Impact: 3.6

Affected Packages (3 packages)

Maven: org.apache.struts:struts2-rest-plugin, affected from 2.5.0, fixed in 2.5.13 (+1 more range)
NVD: apache/struts, 52 versions (+51 more)
CVEListV5: apache_software_foundation/apache_struts, 2.1.x series, 2.3.7 - 2.3.33, 2.5 - 2.5.12 (+2 more)

Patches

🔴 Vulnerability Details (3)

GHSA: The REST Plugin in Apache Struts is using an outdated XStream library (2018-10-16)
OSV: The REST Plugin in Apache Struts is using an outdated XStream library (2018-10-16)
CVEList: CVE-2017-9793: The REST Plugin in Apache Struts 2 (2017-09-20)

📋 Vendor Advisories (2)

Cisco: Multiple Vulnerabilities in Apache Struts 2 Affecting Cisco Products: September 2017 (2017-09-07)
Red Hat: struts: DoS attack via crafted XML payload processed by REST Plugin using XStream library (2017-09-05)

💬 Community (3)

Bugzilla: CVE-2017-9793 CVE-2017-9805 struts: various flaws [epel-7] (2017-09-05)
Bugzilla: CVE-2017-9793 CVE-2017-9805 struts: various flaws [fedora-all] (2017-09-05)
Bugzilla: CVE-2017-9793 struts: DoS attack via crafted XML payload processed by REST Plugin using XStream library (2017-09-05)
CVE-2017-9793 (HIGH CVSS 7.5) | The REST Plugin in Apache Struts 2. | cvebase.io