Apache Struts CVE-2017-9805 Remote Code Execution Vulnerability

Description: The REST Plugin uses an XStreamHandler with an instance of XStream for deserialization without any type filtering, which can lead to remote code execution when deserializing XML payloads.
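The missing control is a type allowlist on the XStream instance. The following is an added illustration (not the Struts project's own XStreamHandler code): it contrasts an XStream instance with no type filtering against one that denies every type by default and permits only the model class the endpoint expects. `Order`, the alias names and the sample XML are constructed for this example; `unfiltered()` reflects the older XStream default of accepting any class named in the XML, which newer XStream releases no longer do without explicit opt-in.

```java
import com.thoughtworks.xstream.XStream;
import com.thoughtworks.xstream.security.ForbiddenClassException;
import com.thoughtworks.xstream.security.NoTypePermission;
import com.thoughtworks.xstream.security.NullPermission;
import com.thoughtworks.xstream.security.PrimitiveTypePermission;

public class XStreamTypeFilterDemo {

    // Hypothetical model class that a REST endpoint legitimately accepts.
    public static class Order {
        public String item;
        public int quantity;
    }

    // No type filtering: whatever class the XML names gets instantiated (the CVE-2017-9805 condition).
    static XStream unfiltered() {
        XStream xs = new XStream();
        xs.alias("order", Order.class);
        return xs;
    }

    // Hardened: start from "nothing is allowed", then add back only what the endpoint needs.
    static XStream allowlisted() {
        XStream xs = new XStream();
        xs.addPermission(NoTypePermission.NONE);               // deny every type by default
        xs.addPermission(NullPermission.NULL);                 // allow null values
        xs.addPermission(PrimitiveTypePermission.PRIMITIVES);  // allow int, boolean, ...
        xs.allowTypes(new Class[] { Order.class, String.class });
        xs.alias("order", Order.class);
        return xs;
    }

    // Returns the class name of the deserialized object, or a REJECTED marker if XStream refused the type.
    static String describe(XStream xs, String xml) {
        try {
            return xs.fromXML(xml).getClass().getName();
        } catch (ForbiddenClassException e) {
            return "REJECTED: " + e.getMessage();
        }
    }

    public static void main(String[] args) {
        // Constructed samples: the expected document, and one naming a benign class the endpoint never declared.
        String expected = "<order><item>widget</item><quantity>2</quantity></order>";
        String unexpected = "<java.util.ArrayList/>";

        System.out.println("unfiltered, expected:   " + describe(unfiltered(), expected));
        System.out.println("unfiltered, unexpected: " + describe(unfiltered(), unexpected));  // instantiated
        System.out.println("allowlisted, expected:   " + describe(allowlisted(), expected));
        System.out.println("allowlisted, unexpected: " + describe(allowlisted(), unexpected)); // REJECTED
    }
}
```

The harmless `java.util.ArrayList` stands in for any class outside the allowlist: the unfiltered instance builds it, the allowlisted instance raises `ForbiddenClassException` before any converter runs.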

Impact: Successfully exploiting this issue may allow an attacker to execute arbitrary code in the context of the affected application. Failed exploit attempts will likely result in denial-of-service conditions.

Apache Struts 2.5 through 2.5.12 are vulnerable.

Mitigation: Updates are available. Please check the vendor advisory for more information.

Reference URLs:
