← voltar
CVE-2017-9793

CVE-2017-9793

EPSS 7.3%
Vexday Risk Score
3Baixo
Decisão SSVC (CISA)
Track
Sem sinal de exploração → monitorar
CVSS EPSS 7.3%KEV nãoPoC Nuclei Metasploit Patch referenciado
Ciclo de vida
20 set 2017Publicada no NVD
Recomendação: Monitorar — sem sinal de exploração no momento.
The REST Plugin in Apache Struts 2.1.x, 2.3.7 through 2.3.33 and 2.5 through 2.5.12 is using an outdated XStream library which is vulnerable and allow perform a DoS attack using malicious request with specially crafted XML payload.
Produtos afetados
Apache Software Foundation · Apache Struts

Quer saber se a sua infraestrutura está exposta a isto?

Falar com a TrueHacking →
Referências
https://security.netapp.com/advisory/ntap-20180629-0001/https://struts.apache.org/docs/s2-051.htmlhttps://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170907-struts2http://www.brocade.com/content/dam/common/documents/content-types/security-bulletin/brocade-security-advisory-2017-429.htmhttp://www.oracle.com/technetwork/security-advisory/alert-cve-2017-9805-3889403.htmlhttp://www.securityfocus.com/bid/100611http://www.securitytracker.com/id/1039262