← volver
CVE-2017-9793

CVE-2017-9793

EPSS 7.3%
Vexday Risk Score
3Bajo
Decisión SSVC (CISA)
Track
Sin señal de explotación → monitorear
CVSS EPSS 7.3%KEV nãoPoC Nuclei Metasploit Patch referenciado
Ciclo de vida
20 sep 2017Publicada en NVD
Recomendación: Monitorear — sin señal de explotación por ahora.
The REST Plugin in Apache Struts 2.1.x, 2.3.7 through 2.3.33 and 2.5 through 2.5.12 is using an outdated XStream library which is vulnerable and allow perform a DoS attack using malicious request with specially crafted XML payload.
Productos afectados
Apache Software Foundation · Apache Struts

¿Quieres saber si tu infraestructura está expuesta a esto?

Hablar con TrueHacking →
Referencias
https://security.netapp.com/advisory/ntap-20180629-0001/https://struts.apache.org/docs/s2-051.htmlhttps://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170907-struts2http://www.brocade.com/content/dam/common/documents/content-types/security-bulletin/brocade-security-advisory-2017-429.htmhttp://www.oracle.com/technetwork/security-advisory/alert-cve-2017-9805-3889403.htmlhttp://www.securityfocus.com/bid/100611http://www.securitytracker.com/id/1039262