CVE-2017-9805Apache Struts Deserialization of Untrusted Data Vulnerability

PUBLISHEDvulnerability record
2021-11-03 · last modified June 21, 2025

Metadata

CVE ID:
CVE-2017-9805
项目:
Apache
产品:
Struts
添加日期:
2021-11-03
到期日:
2022-05-03
最后更新:
June 21, 2025

漏洞名称

Apache Struts Deserialization of Untrusted Data Vulnerability

描述

Apache Struts REST Plugin uses an XStreamHandler with an instance of XStream for deserialization without any type filtering, which can lead to remote code execution when deserializing XML payloads.

已知用于勒索软件活动吗?

勒索软件状态:
Unknown

采集行动

Apply updates per vendor instructions.

其他说明

相关新闻文章

相关 CWE