CVE-2017-9791
CRITICAL
9.8
Source: [email protected]
Attack Vector: network
Attack Complexity: low
Privileges Required: none
User Interaction: none
Scope: unchanged
Confidentiality: high
Integrity: high
Availability: high
HIGH
7.5
Source: [email protected]
Access Vector: network
Access Complexity: low
Authentication: none
Confidentiality: partial
Integrity: partial
Availability: partial
Description
The Struts 1 plugin in Apache Struts 2.1.x and 2.3.x might allow remote code execution via a malicious field value passed in a raw message to the ActionMessage.
EPSS (Exploit Prediction Scoring System)
Predicts the probability of exploitation based on threat intelligence and the characteristics of the vulnerability.
EPSS Score
0.9424
Percentile
1,0th
Updated
EPSS Score Trend (Last 91 Days)
CWE-20
Improper Input Validation
Stable
Common Consequences
Security Scopes Affected:
Availability
Confidentiality
Integrity
Potential Impacts:
DoS: Crash, Exit, or Restart
DoS: Resource Consumption (CPU)
DoS: Resource Consumption (Memory)
Read Memory
Read Files or Directories
Modify Memory
Execute Unauthorized Code or Commands
Applicable Platforms
All platforms may be affected
Exploit
Apache Struts 2.3.x Showcase - Remote Code Execution (Verified)
Exploit
Apache Struts 2 - Struts 1 Plugin Showcase OGNL Code Execution (Metasploit) (Verified, Remote)
Application
Struts by Apache
CPE Identifier
Common Platform Enumeration - Standardized vulnerability identification
cpe:2.3:a:apache:struts:2.3.28.1:*:*:*:*:*:*:*
cpe:2.3:a:apache:struts:2.3.29:*:*:*:*:*:*:*
cpe:2.3:a:apache:struts:2.3.1.1:*:*:*:*:*:*:*
cpe:2.3:a:apache:struts:2.3.16.2:*:*:*:*:*:*:*
cpe:2.3:a:apache:struts:2.3.30:*:*:*:*:*:*:*
cpe:2.3:a:apache:struts:2.3.20:*:*:*:*:*:*:*
cpe:2.3:a:apache:struts:2.3.8:*:*:*:*:*:*:*
cpe:2.3:a:apache:struts:2.3.12:*:*:*:*:*:*:*
cpe:2.3:a:apache:struts:2.3.1.2:*:*:*:*:*:*:*
cpe:2.3:a:apache:struts:2.3.14:*:*:*:*:*:*:*
cpe:2.3:a:apache:struts:2.3.14.1:*:*:*:*:*:*:*
cpe:2.3:a:apache:struts:2.3.7:*:*:*:*:*:*:*
cpe:2.3:a:apache:struts:2.3.15:*:*:*:*:*:*:*
cpe:2.3:a:apache:struts:2.3.24.1:*:*:*:*:*:*:*
cpe:2.3:a:apache:struts:2.3.1:*:*:*:*:*:*:*
cpe:2.3:a:apache:struts:2.3.24:*:*:*:*:*:*:*
cpe:2.3:a:apache:struts:2.3.32:*:*:*:*:*:*:*
cpe:2.3:a:apache:struts:2.3.20.1:*:*:*:*:*:*:*
cpe:2.3:a:apache:struts:2.3.24.3:*:*:*:*:*:*:*
cpe:2.3:a:apache:struts:2.3.20.3:*:*:*:*:*:*:*
cpe:2.3:a:apache:struts:2.3.16:*:*:*:*:*:*:*
cpe:2.3:a:apache:struts:2.3.16.3:*:*:*:*:*:*:*
cpe:2.3:a:apache:struts:2.3.3:*:*:*:*:*:*:*
cpe:2.3:a:apache:struts:2.3.4:*:*:*:*:*:*:*
cpe:2.3:a:apache:struts:2.3.4.1:*:*:*:*:*:*:*
cpe:2.3:a:apache:struts:2.3.14.2:*:*:*:*:*:*:*
cpe:2.3:a:apache:struts:2.3.28:*:*:*:*:*:*:*
cpe:2.3:a:apache:struts:2.3.14.3:*:*:*:*:*:*:*
cpe:2.3:a:apache:struts:2.3.16.1:*:*:*:*:*:*:*
cpe:2.3:a:apache:struts:2.3.15.1:*:*:*:*:*:*:*
cpe:2.3:a:apache:struts:2.3.15.3:*:*:*:*:*:*:*
cpe:2.3:a:apache:struts:2.3.31:*:*:*:*:*:*:*
cpe:2.3:a:apache:struts:2.3.15.2:*:*:*:*:*:*:*
https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2017…
https://security.netapp.com/advisory/ntap-20180706-0002/
http://struts.apache.org/docs/s2-048.html
https://www.exploit-db.com/exploits/42324/
https://www.exploit-db.com/exploits/44643/
http://www.oracle.com/technetwork/security-advisory/alert-cve-2017-9805-3889403…
http://www.securityfocus.com/bid/99484
http://www.securitytracker.com/id/1038838