Apache Struts CVE-2017-9805 Remote Code Execution Vulnerability
Description: The REST Plugin uses an XStreamHandler with an instance of XStream for deserialization without any type filtering, which can lead to Remote Code Execution when deserializing XML payloads.
Impact: Successfully exploiting this issue may allow an attacker to execute arbitrary code in the context of the affected application. Failed exploit attempts will likely result in denial-of-service conditions.
Apache Struts 2.5 through 2.5.12 are vulnerable.
Mitigation: Updates are available. Please check the specific vendor advisory for more information.
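The description above attributes the issue to XStream deserializing XML with no type filtering. The following is an added example, not code from Apache Struts or from this advisory, showing what type filtering looks like on a standalone XStream instance. It assumes an XStream release that ships the `com.thoughtworks.xstream.security` permission classes; the `Order` and `Unexpected` classes and the sample XML are constructed for illustration.

```java
import com.thoughtworks.xstream.XStream;
import com.thoughtworks.xstream.io.xml.StaxDriver;
import com.thoughtworks.xstream.security.ForbiddenClassException;
import com.thoughtworks.xstream.security.NoTypePermission;
import com.thoughtworks.xstream.security.NullPermission;
import com.thoughtworks.xstream.security.PrimitiveTypePermission;

public class XStreamAllowlistDemo {
    // Hypothetical DTO that the endpoint is meant to accept.
    public static class Order { String id; int quantity; }
    // Hypothetical class that is on the classpath but must never be bound from input.
    public static class Unexpected { String value; }

    static XStream hardened() {
        XStream xs = new XStream(new StaxDriver());
        xs.alias("order", Order.class);
        xs.alias("unexpected", Unexpected.class);
        // Deny every type first, then allow only what the API needs.
        xs.addPermission(NoTypePermission.NONE);
        xs.addPermission(NullPermission.NULL);
        xs.addPermission(PrimitiveTypePermission.PRIMITIVES);
        xs.allowTypes(new Class[] { Order.class, String.class });
        return xs;
    }

    // Returns true when the document binds to an allowed type,
    // false when the type filter rejects the class named in the XML.
    static boolean accepts(XStream xs, String xml) {
        try {
            xs.fromXML(xml);
            return true;
        } catch (ForbiddenClassException e) {
            // A rejection here is worth logging: a client asked for a type the API never exposes.
            System.err.println("rejected type: " + e.getMessage());
            return false;
        }
    }

    public static void main(String[] args) {
        XStream xs = hardened();
        // Constructed sample documents.
        String allowed = "<order><id>A-1</id><quantity>2</quantity></order>";
        String notAllowed = "<unexpected><value>x</value></unexpected>";
        System.out.println("order accepted: " + accepts(xs, allowed));
        System.out.println("unexpected accepted: " + accepts(xs, notAllowed));
    }
}
```

This sketch only illustrates the missing control; for affected Struts installations the remedy remains the vendor update referenced under Mitigation.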