Loading HuntDB...
Hunt
Vulnerability Intelligence by wss.sh
Home Daily Briefings High Impact CVEs Recent Exploits KEV Catalog GitHub Advisories Latest Updates Security News
Sign In Sign Up

CVE-2017-9805

UNKNOWN
Published 2017-09-15T19:00:00.000Z
Actions:

Expert Analysis

Professional remediation guidance

Get tailored security recommendations from our analyst team for CVE-2017-9805. We'll provide specific mitigation strategies based on your environment and risk profile.

CVSS Score

V3.1
8.1
/10
CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H
Base Score Metrics
Exploitability: N/A Impact: N/A

EPSS Score

v2025.03.14
0.944
probability
of exploitation in the wild

There is a 94.4% chance that this vulnerability will be exploited in the wild within the next 30 days.

Updated: 2025-06-25
Exploit Probability
Percentile: 1.000
Higher than 100.0% of all CVEs

Attack Vector Metrics

Attack Vector
NETWORK
Attack Complexity
HIGH
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED

Impact Metrics

Confidentiality
HIGH
Integrity
HIGH
Availability
HIGH

Description

The REST Plugin in Apache Struts 2.1.1 through 2.3.x before 2.3.34 and 2.5.x before 2.5.13 uses an XStreamHandler with an instance of XStream for deserialization without any type filtering, which can lead to Remote Code Execution when deserializing XML payloads.

Available Exploits

Apache Struts2 S2-052 - Remote Code Execution

The REST Plugin in Apache Struts 2.1.1 through 2.3.x before 2.3.34 and 2.5.x before 2.5.13 uses an XStreamHandler with an instance of XStream for deserialization without any type of filtering, which can lead to remote code execution when deserializing XML payloads.

ID: CVE-2017-9805
Author: pikpikcu High

References:

Related News

No news articles found for this CVE.

Affected Products

Apache Software Foundation

Apache Struts

Affected Versions:

Apache Struts before 2.3.34 and 2.5.x before 2.5.13

Known Exploited Vulnerability

This vulnerability is actively being exploited in the wild

View KEV Details

Remediation Status

Overdue

Due Date

May 3, 2022

Added to KEV

November 3, 2021

Required Action

Apply updates per vendor instructions.

Affected Product

Vendor/Project: Apache
Product: Struts

Ransomware Risk

Known Ransomware Use
KEV Catalog Version: 2025.01.24 Released: January 24, 2025

GitHub Security Advisories

Community-driven vulnerability intelligence from GitHub

✓ GitHub Reviewed HIGH

REST Plugin in Apache Struts uses an XStreamHandler with an instance of XStream for deserialization without any type filtering

GHSA-gg9m-fj3v-r58c

Advisory Details

The REST Plugin in Apache Struts 2.1.1 through 2.3.x before 2.3.34 and 2.5.x before 2.5.13 uses an XStreamHandler with an instance of XStream for deserialization without any type filtering, which can lead to Remote Code Execution when deserializing XML payloads.

Affected Packages

Maven org.apache.struts:struts2-rest-plugin
ECOSYSTEM: ≥2.1.1 <2.3.34
Maven org.apache.struts:struts2-rest-plugin
ECOSYSTEM: ≥2.5.0 <2.5.13

CVSS Scoring

CVSS Score

7.5

CVSS Vector

CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H

References

ADVISORY https://nvd.nist.gov/vuln/detail/CVE-2017-9805
WEB https://github.com/apache/struts/commit/19494718865f2fb7da5ea363de3822f87fbda26
WEB https://github.com/apache/struts/commit/6dd6e5cfb7b5e020abffe7e8091bd63fe97c10a
WEB https://blogs.apache.org/foundation/entry/apache-struts-statement-on-equifax
WEB https://bugzilla.redhat.com/show_bug.cgi?id=1488482
WEB https://cwiki.apache.org/confluence/display/WW/S2-052
PACKAGE https://github.com/apache/struts
WEB https://lgtm.com/blog/apache_struts_CVE-2017-9805
WEB https://security.netapp.com/advisory/ntap-20170907-0001
WEB https://struts.apache.org/docs/s2-052.html
WEB https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170907-struts2
WEB https://web.archive.org/web/20170909031344/http://www.securityfocus.com/bid/100609
WEB https://web.archive.org/web/20170922053119/http://www.securitytracker.com/id/1039263
WEB https://www.exploit-db.com/exploits/42627
WEB https://www.kb.cert.org/vuls/id/112992
WEB http://www.oracle.com/technetwork/security-advisory/alert-cve-2017-9805-3889403.html
WEB http://www.securityfocus.com/bid/100609
WEB http://www.securitytracker.com/id/1039263

Advisory provided by GitHub Security Advisory Database. Published: October 16, 2018, Modified: February 7, 2025

References

http://www.oracle.com/technetwork/security-advisory/alert-cve-2017-9805-3889403.html
https://struts.apache.org/docs/s2-052.html
http://www.securitytracker.com/id/1039263
http://www.securityfocus.com/bid/100609
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170907-struts2
https://bugzilla.redhat.com/show_bug.cgi?id=1488482
https://blogs.apache.org/foundation/entry/apache-struts-statement-on-equifax
https://www.exploit-db.com/exploits/42627/
https://lgtm.com/blog/apache_struts_CVE-2017-9805
https://cwiki.apache.org/confluence/display/WW/S2-052
https://security.netapp.com/advisory/ntap-20170907-0001/
https://www.kb.cert.org/vuls/id/112992
Published: 2017-09-15T19:00:00.000Z
Last Modified: 2025-02-06T21:14:30.562Z
Copied to clipboard!