CVE-2017-9791

Summary

The Struts 1 plugin in Apache Struts 2.1.x and 2.3.x might allow remote code execution via a malicious field value passed in a raw message to the ActionMessage.

Affected Software

VendorProductVersion RangeStatus
Apache Software FoundationApache Struts2.1.x seriesaffected
Apache Software FoundationApache Struts2.3.x seriesaffected

Weaknesses

  • Remote Code Execution

ADP Enrichment

CVE Program Container

Additional References

CISA ADP Vulnrichment

  • SSVC:
  • Exploitation: active
    • Automatable: yes
    • Technical Impact: total

Additional References

References