CVE-2017-9805
- Reference to the description:
- Description:
- The REST Plugin in Apache Struts 2.1.1 through 2.3.x before 2.3.34 and 2.5.x before 2.5.13 uses an XStreamHandler with an instance of XStream for deserialization without any type filtering, which can lead to Remote Code Execution when deserializing XML payloads.
- Last updated date:
- 07/25/2024
Reports
ACTIVELY EXPLOITED
- Type:
- exploitation
- Confidence:
- HIGH
- Date of publishing:
- 07/23/2021
- Reference url to background
https://www.cisa.gov/known-exploited-vulnerabilities-catalog
- Type:
- exploit
- Confidence:
- HIGH
- Date of publishing:
- 09/06/2017
- Reference url to background
- Type:
- exploit
- Confidence:
- HIGH
- Date of publishing:
- 09/07/2017
- Reference url to background
- Type:
- exploit
- Confidence:
- HIGH
- Date of publishing:
- 09/09/2017
- Reference url to background
- Type:
- exploit
- Confidence:
- HIGH
- Date of publishing:
- 09/10/2017
- Reference url to background
https://github.com/Lone-Ranger/apache-struts-pwn_CVE-2017-9805
- Type:
- exploit
- Confidence:
- HIGH
- Date of publishing:
- 11/24/2017
- Reference url to background
- Type:
- exploit
- Confidence:
- HIGH
- Date of publishing:
- 12/04/2017
- Reference url to background
- Type:
- exploit
- Confidence:
- HIGH
- Date of publishing:
- 07/10/2019
- Type:
- exploit
- Confidence:
- HIGH
- Date of publishing:
- 06/26/2020
- Reference url to background
https://github.com/qazbnm456/awesome-cve-poc/blob/master/CVE-2017-9805.md
- Type:
- exploit
- Confidence:
- HIGH
- Date of publishing:
- 10/03/2022
- Reference url to background
- Type:
- exploit
- Confidence:
- HIGH
- Date of publishing:
- 07/25/2024
- Reference url to background