Byte Open Security

(ByteOS Network)

CVE-2017-9805

Apache Struts Deserialization of Untrusted Data Vulnerability

Apache Struts REST Plugin uses an XStreamHandler with an instance of XStream for deserialization without any type filtering, which can lead to remote code execution when deserializing XML payloads.

Required Action

Apply updates per vendor instructions.

Related Information

Vendor/Project: The Apache Software Foundation (Apache)
Product: Struts
CWE: CWE-502
Used in Ransomware: Unknown

Timeline

Date Added: 03 Nov, 2021
Due Date: 03 May, 2022

Additional Notes

https://nvd.nist.gov/vuln/detail/CVE-2017-9805