CVE-2017-9793

Summary

The REST Plugin in Apache Struts 2.1.x, 2.3.7 through 2.3.33 and 2.5 through 2.5.12 is using an outdated XStream library which is vulnerable and allow perform a DoS attack using malicious request with specially crafted XML payload.

Affected Software

VendorProductVersion RangeStatus
Apache Software FoundationApache Struts2.3.7 - 2.3.33affected
Apache Software FoundationApache Struts2.5 - 2.5.12affected
Apache Software FoundationApache Struts2.1.x seriesaffected

Weaknesses

  • A remote attacker may create a DoS attack by sending crafted xml request when using the Struts REST plugin

ADP Enrichment

CVE Program Container

Additional References

References