ID

VAR-201709-1229


CVE

CVE-2017-9805


TITLE

Apache Struts 2 framework REST plugin insecurely deserializes untrusted XML data

Trust: 0.8

sources: CERT/CC: VU#112992

DESCRIPTION

The REST Plugin in Apache Struts 2.1.1 through 2.3.x before 2.3.34 and 2.5.x before 2.5.13 uses an XStreamHandler with an instance of XStream for deserialization without any type filtering, which can lead to Remote Code Execution when deserializing XML payloads. The Apache Struts 2 framework, versions 2.5 to 2.5.12, with the REST plugin insecurely deserializes untrusted XML data. A remote, unauthenticated attacker can leverage this vulnerability to execute arbitrary code in the context of the Struts application. Apache Struts 2 contains a vulnerability (S2-052) that allows arbitrary code execution. An attacker can exploit this issue to cause a denial-of-service condition, denying service to legitimate users. Apache Struts is prone to a remote code-execution vulnerability. Failed exploit attempts will likely result in denial-of-service conditions. Apache Struts 2.1.2 through 2.3.33 and 2.5 through 2.5.12 are vulnerable.

Trust: 4.32

sources: NVD: CVE-2017-9805 // CERT/CC: VU#112992 // JVNDB: JVNDB-2017-006931 // BID: 99562 // BID: 99563 // BID: 99484 // BID: 100612 // BID: 100611 // BID: 100609 // BID: 100829 // VULMON: CVE-2017-9805

AFFECTED PRODUCTS

vendor: oracle | model: weblogic server | scope: eq | version: 10.3.60 | Trust: 2.1
vendor: oracle | model: weblogic server | scope: eq | version: 12.2.1.3 | Trust: 2.1
vendor: oracle | model: weblogic server | scope: eq | version: 12.2.1.2 | Trust: 2.1
vendor: oracle | model: weblogic server | scope: eq | version: 12.2.1.1 | Trust: 2.1
vendor: oracle | model: weblogic server | scope: eq | version: 12.2.1.0 | Trust: 2.1
vendor: oracle | model: weblogic server | scope: eq | version: 12.1.3.0 | Trust: 2.1
vendor: oracle | model: siebel applications | scope: eq | version: 7.1 | Trust: 2.1
vendor: oracle | model: siebel applications | scope: eq | version: 6.2 | Trust: 2.1
vendor: oracle | model: mysql enterprise monitor | scope: eq | version: 3.2.1182 | Trust: 2.1
vendor: oracle | model: mysql enterprise monitor | scope: eq | version: 3.4.2.4181 | Trust: 2.1
vendor: oracle | model: mysql enterprise monitor | scope: eq | version: 3.4.1 | Trust: 2.1
vendor: oracle | model: mysql enterprise monitor | scope: eq | version: 3.4.0 | Trust: 2.1
vendor: oracle | model: mysql enterprise monitor | scope: eq | version: 3.3.4.3247 | Trust: 2.1
vendor: oracle | model: mysql enterprise monitor | scope: eq | version: 3.3.3.1199 | Trust: 2.1
vendor: oracle | model: mysql enterprise monitor | scope: eq | version: 3.3.2.1162 | Trust: 2.1
vendor: oracle | model: mysql enterprise monitor | scope: eq | version: 3.3.0.1098 | Trust: 2.1
vendor: oracle | model: mysql enterprise monitor | scope: eq | version: 3.2.8.2223 | Trust: 2.1
vendor: oracle | model: mysql enterprise monitor | scope: eq | version: 3.2.7.1204 | Trust: 2.1
vendor: oracle | model: mysql enterprise monitor | scope: eq | version: 3.2.5.1141 | Trust: 2.1
vendor: oracle | model: mysql enterprise monitor | scope: eq | version: 3.2.4.1102 | Trust: 2.1
vendor: oracle | model: mysql enterprise monitor | scope: eq | version: 3.2.1.1049 | Trust: 2.1
vendor: oracle | model: micros retail xbri loss prevention | scope: eq | version: 10.8.1 | Trust: 2.1
vendor: oracle | model: micros retail xbri loss prevention | scope: eq | version: 10.8 | Trust: 2.1
vendor: oracle | model: micros retail xbri loss prevention | scope: eq | version: 10.7 | Trust: 2.1
vendor: oracle | model: micros retail xbri loss prevention | scope: eq | version: 10.6 | Trust: 2.1
vendor: oracle | model: micros retail xbri loss prevention | scope: eq | version: 10.5 | Trust: 2.1
vendor: oracle | model: micros retail xbri loss prevention | scope: eq | version: 10.0.1 | Trust: 2.1
vendor: oracle | model: insurance performance insight for general insurance | scope: eq | version: 8.0 | Trust: 2.1
vendor: oracle | model: insurance data foundation | scope: eq | version: 8.0.5 | Trust: 2.1
vendor: oracle | model: insurance data foundation | scope: eq | version: 8.0.4 | Trust: 2.1
vendor: oracle | model: insurance data foundation | scope: eq | version: 8.0.3 | Trust: 2.1
vendor: oracle | model: insurance data foundation | scope: eq | version: 8.0.2 | Trust: 2.1
vendor: oracle | model: insurance data foundation | scope: eq | version: 8.0.1 | Trust: 2.1
vendor: oracle | model: flexcube private banking | scope: eq | version: 12.1 | Trust: 2.1
vendor: oracle | model: flexcube private banking | scope: eq | version: 12.0.3 | Trust: 2.1
vendor: oracle | model: flexcube private banking | scope: eq | version: 12.0.2 | Trust: 2.1
vendor: oracle | model: flexcube private banking | scope: eq | version: 12.0.1 | Trust: 2.1
vendor: oracle | model: flexcube private banking | scope: eq | version: 12.0 | Trust: 2.1
vendor: oracle | model: flexcube private banking | scope: eq | version: 2.2 | Trust: 2.1
vendor: oracle | model: flexcube private banking | scope: eq | version: 3.0 | Trust: 2.1
vendor: oracle | model: financial services retail performance analytics | scope: eq | version: 8.0.5 | Trust: 2.1
vendor: oracle | model: financial services retail performance analytics | scope: eq | version: 8.0.4 | Trust: 2.1
vendor: oracle | model: financial services retail performance analytics | scope: eq | version: 8.0.3 | Trust: 2.1
vendor: oracle | model: financial services retail performance analytics | scope: eq | version: 8.0.2 | Trust: 2.1
vendor: oracle | model: financial services retail performance analytics | scope: eq | version: 8.0.1 | Trust: 2.1
vendor: oracle | model: financial services retail performance analytics | scope: eq | version: 8.0 | Trust: 2.1
vendor: oracle | model: financial services retail customer analytics | scope: eq | version: 8.0.5 | Trust: 2.1
vendor: oracle | model: financial services retail customer analytics | scope: eq | version: 8.0.4 | Trust: 2.1
vendor: oracle | model: financial services retail customer analytics | scope: eq | version: 8.0.3 | Trust: 2.1
vendor: oracle | model: financial services retail customer analytics | scope: eq | version: 8.0.2 | Trust: 2.1
vendor: oracle | model: financial services retail customer analytics | scope: eq | version: 8.0.1 | Trust: 2.1
vendor: oracle | model: financial services retail customer analytics | scope: eq | version: 8.0 | Trust: 2.1
vendor: oracle | model: financial services profitability management | scope: eq | version: 8.0.5 | Trust: 2.1
vendor: oracle | model: financial services profitability management | scope: eq | version: 8.0.4 | Trust: 2.1
vendor: oracle | model: financial services profitability management | scope: eq | version: 8.0.3 | Trust: 2.1
vendor: oracle | model: financial services profitability management | scope: eq | version: 8.0.2 | Trust: 2.1
vendor: oracle | model: financial services profitability management | scope: eq | version: 8.0.1 | Trust: 2.1
vendor: oracle | model: financial services profitability management | scope: eq | version: 6.1.1 | Trust: 2.1
vendor: oracle | model: financial services profitability management | scope: eq | version: 6.1 | Trust: 2.1
vendor: oracle | model: financial services profitability management | scope: eq | version: 6.0 | Trust: 2.1
vendor: oracle | model: financial services pricing management | scope: eq | version: 8.0.5 | Trust: 2.1
vendor: oracle | model: financial services pricing management | scope: eq | version: 8.0.4 | Trust: 2.1
vendor: oracle | model: financial services pricing management | scope: eq | version: 8.0 | Trust: 2.1
vendor: oracle | model: financial services price creation and discovery | scope: eq | version: 8.0.5 | Trust: 2.1
vendor: oracle | model: financial services price creation and discovery | scope: eq | version: 8.0.4 | Trust: 2.1
vendor: oracle | model: financial services price creation and discovery | scope: eq | version: 8.0 | Trust: 2.1
vendor: oracle | model: financial services loan loss forecasting and provisioning | scope: eq | version: 8.0.5 | Trust: 2.1
vendor: oracle | model: financial services loan loss forecasting and provisioning | scope: eq | version: 8.0.4 | Trust: 2.1
vendor: oracle | model: financial services loan loss forecasting and provisioning | scope: eq | version: 8.0.3 | Trust: 2.1
vendor: oracle | model: financial services loan loss forecasting and provisioning | scope: eq | version: 8.0.2 | Trust: 2.1
vendor: oracle | model: financial services loan loss forecasting and provisioning | scope: eq | version: 8.0.1 | Trust: 2.1
vendor: oracle | model: financial services loan loss forecasting and provisioning | scope: eq | version: 1.5.1 | Trust: 2.1
vendor: oracle | model: financial services loan loss forecasting and provisioning | scope: eq | version: 1.5 | Trust: 2.1
vendor: oracle | model: financial services liquidity risk management | scope: eq | version: 8.0.4 | Trust: 2.1
vendor: oracle | model: financial services liquidity risk management | scope: eq | version: 8.0.2 | Trust: 2.1
vendor: oracle | model: financial services liquidity risk management | scope: eq | version: 8.0.1 | Trust: 2.1
vendor: oracle | model: financial services institutional performance analytics | scope: eq | version: 8.0.5 | Trust: 2.1
vendor: oracle | model: financial services institutional performance analytics | scope: eq | version: 8.0.4 | Trust: 2.1
vendor: oracle | model: financial services institutional performance analytics | scope: eq | version: 8.0.3 | Trust: 2.1
vendor: oracle | model: financial services institutional performance analytics | scope: eq | version: 8.0.2 | Trust: 2.1
vendor: oracle | model: financial services institutional performance analytics | scope: eq | version: 8.0.1 | Trust: 2.1
vendor: oracle | model: financial services institutional performance analytics | scope: eq | version: 8.0 | Trust: 2.1
vendor: oracle | model: financial services icaap analytics | scope: eq | version: 8.0 | Trust: 2.1
vendor: oracle | model: financial services hedge management and ifrs valuations | scope: eq | version: 8.0.5 | Trust: 2.1
vendor: oracle | model: financial services hedge management and ifrs valuations | scope: eq | version: 8.0.4 | Trust: 2.1
vendor: oracle | model: financial services hedge management and ifrs valuations | scope: eq | version: 8.0.3 | Trust: 2.1
vendor: oracle | model: financial services hedge management and ifrs valuations | scope: eq | version: 8.0.2 | Trust: 2.1
vendor: oracle | model: financial services hedge management and ifrs valuations | scope: eq | version: 8.0.1 | Trust: 2.1
vendor: oracle | model: financial services hedge management and ifrs valuations | scope: eq | version: 6.1.1 | Trust: 2.1
vendor: oracle | model: financial services funds transfer pricing | scope: eq | version: 8.0.5 | Trust: 2.1
vendor: oracle | model: financial services funds transfer pricing | scope: eq | version: 8.0.4 | Trust: 2.1
vendor: oracle | model: financial services funds transfer pricing | scope: eq | version: 8.0.3 | Trust: 2.1
vendor: oracle | model: financial services funds transfer pricing | scope: eq | version: 8.0.2 | Trust: 2.1
vendor: oracle | model: financial services funds transfer pricing | scope: eq | version: 8.0.1 | Trust: 2.1
vendor: oracle | model: financial services funds transfer pricing | scope: eq | version: 6.1.1 | Trust: 2.1
vendor: oracle | model: financial services funds transfer pricing | scope: eq | version: 6.1 | Trust: 2.1
vendor: oracle | model: financial services funds transfer pricing | scope: eq | version: 6.0 | Trust: 2.1
vendor: oracle | model: financial services enterprise financial performance analytics | scope: eq | version: 8.0.5 | Trust: 2.1
vendor: oracle | model: financial services enterprise financial performance analytics | scope: eq | version: 8.0.4 | Trust: 2.1
vendor: oracle | model: financial services enterprise financial performance analytics | scope: eq | version: 8.0.3 | Trust: 2.1
vendor: oracle | model: financial services enterprise financial performance analytics | scope: eq | version: 8.0.2 | Trust: 2.1
vendor: oracle | model: financial services enterprise financial performance analytics | scope: eq | version: 8.0.1 | Trust: 2.1
vendor: oracle | model: financial services enterprise financial performance analytics | scope: eq | version: 8.0 | Trust: 2.1
vendor: oracle | model: financial services data integration hub | scope: eq | version: 8.0.4 | Trust: 2.1
vendor: oracle | model: financial services data integration hub | scope: eq | version: 8.0.3 | Trust: 2.1
vendor: oracle | model: financial services data integration hub | scope: eq | version: 8.0.2 | Trust: 2.1
vendor: oracle | model: financial services data integration hub | scope: eq | version: 8.0.1 | Trust: 2.1
vendor: oracle | model: financial services data foundation | scope: eq | version: 8.0.5 | Trust: 2.1
vendor: oracle | model: financial services data foundation | scope: eq | version: 8.0.4 | Trust: 2.1
vendor: oracle | model: financial services data foundation | scope: eq | version: 8.0.3 | Trust: 2.1
vendor: oracle | model: financial services data foundation | scope: eq | version: 8.0.2 | Trust: 2.1
vendor: oracle | model: financial services data foundation | scope: eq | version: 8.0.1 | Trust: 2.1
vendor: oracle | model: financial services data foundation | scope: eq | version: 7.4 | Trust: 2.1
vendor: oracle | model: financial services data foundation | scope: eq | version: 7.3 | Trust: 2.1
vendor: oracle | model: financial services basel regulatory capital internal ratings bas | scope: eq | version: 8.0.4 | Trust: 2.1
vendor: oracle | model: financial services basel regulatory capital internal ratings bas | scope: eq | version: 8.0.3 | Trust: 2.1
vendor: oracle | model: financial services basel regulatory capital internal ratings bas | scope: eq | version: 8.0.2 | Trust: 2.1
vendor: oracle | model: financial services basel regulatory capital internal ratings bas | scope: eq | version: 8.0.1 | Trust: 2.1
vendor: oracle | model: financial services basel regulatory capital basic | scope: eq | version: 8.0.4 | Trust: 2.1
vendor: oracle | model: financial services basel regulatory capital basic | scope: eq | version: 8.0.3 | Trust: 2.1
vendor: oracle | model: financial services basel regulatory capital basic | scope: eq | version: 8.0.2 | Trust: 2.1
vendor: oracle | model: financial services basel regulatory capital basic | scope: eq | version: 8.0.1 | Trust: 2.1
vendor: oracle | model: financial services asset liability management | scope: eq | version: 8.0.5 | Trust: 2.1
vendor: oracle | model: financial services asset liability management | scope: eq | version: 8.0.4 | Trust: 2.1
vendor: oracle | model: financial services asset liability management | scope: eq | version: 8.0.3 | Trust: 2.1
vendor: oracle | model: financial services asset liability management | scope: eq | version: 8.0.2 | Trust: 2.1
vendor: oracle | model: financial services asset liability management | scope: eq | version: 8.0.1 | Trust: 2.1
vendor: oracle | model: financial services asset liability management | scope: eq | version: 6.1.1 | Trust: 2.1
vendor: oracle | model: financial services asset liability management | scope: eq | version: 6.1 | Trust: 2.1
vendor: oracle | model: financial services asset liability management | scope: eq | version: 6.0 | Trust: 2.1
vendor: oracle | model: financial services analytical applications reconciliation | scope: eq | version: 8.0.4 | Trust: 2.1
vendor: oracle | model: financial services analytical applications reconciliation | scope: eq | version: 8.0.3 | Trust: 2.1
vendor: oracle | model: financial services analytical applications reconciliation | scope: eq | version: 8.0.2 | Trust: 2.1
vendor: oracle | model: financial services analytical applications reconciliation | scope: eq | version: 8.0.1 | Trust: 2.1
vendor: oracle | model: financial services analytical applications reconciliation | scope: eq | version: 8.0 | Trust: 2.1
vendor: oracle | model: financial services analytical applications reconciliation | scope: eq | version: 3.5.1 | Trust: 2.1
vendor: oracle | model: financial services analytical applications reconciliation | scope: eq | version: 3.5 | Trust: 2.1
vendor: oracle | model: financial services analytical applications infrastructure | scope: eq | version: 7.3 | Trust: 2.1
vendor: oracle | model: financial services analytical applications infrastructure | scope: eq | version: 7.2 | Trust: 2.1
vendor: oracle | model: communications policy management | scope: eq | version: 12.1.1 | Trust: 2.1
vendor: oracle | model: communications policy management | scope: eq | version: 12.1 | Trust: 2.1
vendor: oracle | model: communications policy management | scope: eq | version: 11.5 | Trust: 2.1
vendor: oracle | model: communications policy management | scope: eq | version: 12.2 | Trust: 2.1
vendor: oracle | model: siebel applications | scope: eq | version: 16.1 | Trust: 1.8
vendor: apache | model: struts | scope: eq | version: 2.5.8 | Trust: 1.8
vendor: apache | model: struts | scope: eq | version: 2.5.7 | Trust: 1.8
vendor: apache | model: struts | scope: eq | version: 2.5.5 | Trust: 1.8
vendor: apache | model: struts | scope: eq | version: 2.5.2 | Trust: 1.8
vendor: apache | model: struts | scope: eq | version: 2.5.10 | Trust: 1.8
vendor: apache | model: struts | scope: eq | version: 2.5.1 | Trust: 1.8
vendor: apache | model: struts | scope: eq | version: 2.5 | Trust: 1.8
vendor: apache | model: struts | scope: eq | version: 2.3.31 | Trust: 1.5
vendor: apache | model: struts | scope: eq | version: 2.3.30 | Trust: 1.5
vendor: apache | model: struts | scope: eq | version: 2.3.28 | Trust: 1.5
vendor: apache | model: struts | scope: eq | version: 2.3.24 | Trust: 1.5
vendor: apache | model: struts | scope: eq | version: 2.3.8 | Trust: 1.5
vendor: apache | model: struts | scope: eq | version: 2.3.7 | Trust: 1.5
vendor: apache | model: struts | scope: eq | version: 2.3.32 | Trust: 1.5
vendor: apache | model: struts | scope: eq | version: 2.3.29 | Trust: 1.5
vendor: apache | model: struts | scope: eq | version: 2.3.20 | Trust: 1.5
vendor: apache | model: struts | scope: eq | version: 2.3.16 | Trust: 1.5
vendor: apache | model: struts | scope: eq | version: 2.3.15 | Trust: 1.5
vendor: cisco | model: network performance analysis | scope: eq | version: 0 | Trust: 1.2
vendor: cisco | model: mxe series media experience engines | scope: eq | version: 35000 | Trust: 1.2
vendor: cisco | model: digital media manager | scope: eq | version: 0 | Trust: 1.2
vendor: apache | model: struts | scope: eq | version: 2.5.9 | Trust: 1.2
vendor: apache | model: struts | scope: eq | version: 2.5.6 | Trust: 1.2
vendor: apache | model: struts | scope: eq | version: 2.5.4 | Trust: 1.2
vendor: apache | model: struts | scope: eq | version: 2.5.3 | Trust: 1.2
vendor: apache | model: struts | scope: eq | version: 2.3.33 | Trust: 1.2
vendor: apache | model: struts | scope: eq | version: 2.3.28.1 | Trust: 1.2
vendor: apache | model: struts | scope: eq | version: 2.3.24.3 | Trust: 1.2
vendor: apache | model: struts | scope: eq | version: 2.3.24.2 | Trust: 1.2
vendor: apache | model: struts | scope: eq | version: 2.3.24.1 | Trust: 1.2
vendor: apache | model: struts | scope: eq | version: 2.3.20.3 | Trust: 1.2
vendor: apache | model: struts | scope: eq | version: 2.3.20.2 | Trust: 1.2
vendor: apache | model: struts | scope: eq | version: 2.3.20.1 | Trust: 1.2
vendor: apache | model: struts | scope: eq | version: 2.3.16.3 | Trust: 1.2
vendor: apache | model: struts | scope: eq | version: 2.3.16.2 | Trust: 1.2
vendor: apache | model: struts | scope: eq | version: 2.3.16.1 | Trust: 1.2
vendor: apache | model: struts | scope: eq | version: 2.3.15.3 | Trust: 1.2
vendor: apache | model: struts | scope: eq | version: 2.3.15.2 | Trust: 1.2
vendor: apache | model: struts | scope: eq | version: 2.3.15.1 | Trust: 1.2
vendor: apache | model: struts | scope: eq | version: 2.3.14.3 | Trust: 1.2
vendor: apache | model: struts | scope: eq | version: 2.3.14.2 | Trust: 1.2
vendor: apache | model: struts | scope: eq | version: 2.3.14.1 | Trust: 1.2
vendor: apache | model: struts | scope: eq | version: 2.3.14 | Trust: 1.2
vendor: apache | model: struts | scope: ne | version: 2.3.34 | Trust: 1.2
vendor: apache | model: struts | scope: eq | version: 2.2.3 | Trust: 1.2
vendor: apache | model: struts | scope: eq | version: 2.1.8 | Trust: 1.2
vendor: apache | model: struts | scope: eq | version: 2.1.6 | Trust: 1.2
vendor: apache | model: struts | scope: eq | version: 2.1.5 | Trust: 1.2
vendor: apache | model: struts | scope: eq | version: 2.1.2 | Trust: 1.2
vendor: apache | model: struts | scope: eq | version: 2.1.4 | Trust: 1.2
vendor: apache | model: struts | scope: eq | version: 2.1.3 | Trust: 1.2
vendor: apache | model: struts | scope: lt | version: 2.5.13 | Trust: 1.0
vendor: cisco | model: hosted collaboration solution | scope: eq | version: 10.5\(1\) | Trust: 1.0
vendor: cisco | model: hosted collaboration solution | scope: eq | version: 11.6\(1\) | Trust: 1.0
vendor: cisco | model: network performance analysis | scope: eq | version: - | Trust: 1.0
vendor: cisco | model: hosted collaboration solution | scope: eq | version: 11.5\(1\) | Trust: 1.0
vendor: netapp | model: oncommand balance | scope: eq | version: - | Trust: 1.0
vendor: apache | model: struts | scope: gte | version: 2.1.2 | Trust: 1.0
vendor: cisco | model: digital media manager | scope: eq | version: - | Trust: 1.0
vendor: apache | model: struts | scope: gte | version: 2.5.0 | Trust: 1.0
vendor: cisco | model: media experience engine | scope: eq | version: 3.5.2 | Trust: 1.0
vendor: cisco | model: video distribution suite for internet streaming | scope: eq | version: - | Trust: 1.0
vendor: apache | model: struts | scope: lt | version: 2.3.34 | Trust: 1.0
vendor: cisco | model: hosted collaboration solution | scope: eq | version: 11.0\(1\) | Trust: 1.0
vendor: cisco | model: media experience engine | scope: eq | version: 3.5 | Trust: 1.0
vendor: apache | model: struts | scope: eq | version: 2.5.10.1 | Trust: 0.9
vendor: apache | model: struts | scope: ne | version: 2.5.12 | Trust: 0.9
vendor: apache | model: struts | scope: eq | version: 2.3.5 | Trust: 0.9
vendor: apache | model: struts | scope: eq | version: 2.3.4 | Trust: 0.9
vendor: apache | model: struts | scope: eq | version: 2.3.1 | Trust: 0.9
vendor: cisco | model: video distribution suite for internet streaming | scope: eq | version: 0 | Trust: 0.9
vendor: cisco | model: unified intelligent contact management enterprise | scope: eq | version: 0 | Trust: 0.9
vendor: cisco | model: unified contact center enterprise | scope: eq | version: 0 | Trust: 0.9
vendor: cisco | model: hosted collaboration solution for contact center | scope: eq | version: 0 | Trust: 0.9
vendor: apache | model: struts | scope: eq | version: 2.5.12 | Trust: 0.9
vendor: apache | model: struts | scope: eq | version: 2.5.11 | Trust: 0.9
vendor: apache | model: struts | scope: ne | version: 2.5.13 | Trust: 0.9
vendor: apache struts | model: - | scope: - | version: - | Trust: 0.8
vendor: apache | model: struts | scope: lte | version: 2.1.2 from 2.3.33 | Trust: 0.8
vendor: apache | model: struts | scope: lte | version: 2.5 from 2.5.12 | Trust: 0.8
vendor: apache | model: struts | scope: eq | version: 2.3.41 | Trust: 0.6
vendor: apache | model: struts | scope: eq | version: 2.2.11 | Trust: 0.6
vendor: apache | model: struts | scope: eq | version: 2.2 | Trust: 0.6
vendor: apache | model: struts | scope: eq | version: 2.1.1 | Trust: 0.6
vendor: apache | model: struts | scope: eq | version: 2.3.1.2 | Trust: 0.6
vendor: apache | model: struts | scope: eq | version: 2.3.1.1 | Trust: 0.6
vendor: apache | model: struts | scope: eq | version: 2.2.3.1 | Trust: 0.6
vendor: apache | model: struts | scope: eq | version: 2.2.1 | Trust: 0.6
vendor: apache | model: struts | scope: eq | version: 2.1.8.1 | Trust: 0.6
vendor: apache | model: struts | scope: eq | version: 2.2.1.1 | Trust: 0.6
vendor: xstream | model: xstream | scope: eq | version: 0 | Trust: 0.3
vendor: oracle | model: siebel applications | scope: eq | version: 6.1 | Trust: 0.3
vendor: oracle | model: flexcube private banking | scope: eq | version: 2.1 | Trust: 0.3
vendor: oracle | model: flexcube private banking | scope: eq | version: 2.0 | Trust: 0.3
vendor: apache | model: struts | scope: eq | version: 2.0.12 | Trust: 0.3
vendor: apache | model: struts | scope: eq | version: 2.0.10 | Trust: 0.3
vendor: apache | model: struts | scope: eq | version: 2.0 | Trust: 0.3
vendor: apache | model: struts | scope: eq | version: 2.0.2 | Trust: 0.3
vendor: apache | model: struts | scope: eq | version: 2.0.8 | Trust: 0.3
vendor: apache | model: struts | scope: eq | version: 2.0.1 | Trust: 0.3
vendor: cisco | model: video distribution suite for internet streaming vds-is | scope: eq | version: 0 | Trust: 0.3
vendor: apache | model: struts | scope: eq | version: 2.0.4 | Trust: 0.3
vendor: apache | model: struts | scope: eq | version: 2.0.3 | Trust: 0.3
vendor: apache | model: struts | scope: eq | version: 2.0.13 | Trust: 0.3
vendor: apache | model: struts | scope: eq | version: 2.0.11 | Trust: 0.3
vendor: apache | model: struts | scope: eq | version: 2.0.6 | Trust: 0.3
vendor: apache | model: struts | scope: eq | version: 2.1 | Trust: 0.3
vendor: apache | model: struts | scope: eq | version: 2.0.7 | Trust: 0.3
vendor: apache | model: struts | scope: eq | version: 2.0.5 | Trust: 0.3
vendor: apache | model: struts | scope: eq | version: 2.0.14 | Trust: 0.3
vendor: apache | model: struts | scope: eq | version: 2.0.9 | Trust: 0.3

sources: CERT/CC: VU#112992 // BID: 99562 // BID: 99563 // BID: 99484 // BID: 100612 // BID: 100611 // BID: 100609 // BID: 100829 // JVNDB: JVNDB-2017-006931 // CNNVD: CNNVD-201706-914 // NVD: CVE-2017-9805

CVSS

SEVERITY

nvd@nist.gov: CVE-2017-9805
value: HIGH

Trust: 1.0

NVD: CVE-2017-9805
value: HIGH

Trust: 0.8

IPA: JVNDB-2017-006931
value: HIGH

Trust: 0.8

CNNVD: CNNVD-201706-914
value: HIGH

Trust: 0.6

VULMON: CVE-2017-9805
value: MEDIUM

Trust: 0.1

CVSSV2

nvd@nist.gov: CVE-2017-9805
severity: MEDIUM
baseScore: 6.8
vectorString: AV:N/AC:M/AU:N/C:P/I:P/A:P
accessVector: NETWORK
accessComplexity: MEDIUM
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: PARTIAL
availabilityImpact: PARTIAL
exploitabilityScore: 8.6
impactScore: 6.4
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.1

NVD: CVE-2017-9805
severity: HIGH
baseScore: 10.0
vectorString: NONE
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: COMPLETE
integrityImpact: COMPLETE
availabilityImpact: COMPLETE
exploitabilityScore: 10.0
impactScore: 10.0
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.8

IPA: JVNDB-2017-006931
severity: HIGH
baseScore: 7.5
vectorString: AV:N/AC:L/AU:N/C:P/I:P/A:P
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: PARTIAL
availabilityImpact: PARTIAL
exploitabilityScore: NONE
impactScore: NONE
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.8

CVSSV3

nvd@nist.gov: CVE-2017-9805
baseSeverity: HIGH
baseScore: 8.1
vectorString: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H
attackVector: NETWORK
attackComplexity: HIGH
privilegesRequired: NONE
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: HIGH
exploitabilityScore: 2.2
impactScore: 5.9
version: 3.1

Trust: 1.0

IPA: JVNDB-2017-006931
baseSeverity: HIGH
baseScore: 7.3
vectorString: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: LOW
integrityImpact: LOW
availabilityImpact: LOW
exploitabilityScore: NONE
impactScore: NONE
version: 3.0

Trust: 0.8

sources: CERT/CC: VU#112992 // VULMON: CVE-2017-9805 // JVNDB: JVNDB-2017-006931 // CNNVD: CNNVD-201706-914 // NVD: CVE-2017-9805

PROBLEMTYPE DATA

problemtype: CWE-502

Trust: 1.0

sources: NVD: CVE-2017-9805

THREAT TYPE

network

Trust: 2.1

sources: BID: 99562 // BID: 99563 // BID: 99484 // BID: 100612 // BID: 100611 // BID: 100609 // BID: 100829

TYPE

Failure to Handle Exceptional Conditions

Trust: 1.2

sources: BID: 99562 // BID: 99563 // BID: 100612 // BID: 100611

CONFIGURATIONS

sources: JVNDB: JVNDB-2017-006931

EXPLOIT AVAILABILITY

sources: CERT/CC: VU#112992 // VULMON: CVE-2017-9805

PATCH

title: Announcements - 05 September 2017 - Struts 2.5.13 General Availability | url: https://struts.apache.org/announce.html

Trust: 0.8

title: S2-050: A regular expression Denial of Service when using URLValidator (similar to S2-044 & S2-047) | url: https://struts.apache.org/docs/s2-050.html

Trust: 0.8

title: S2-051: A remote attacker may create a DoS attack by sending crafted xml request when using the Struts REST plugin | url: https://struts.apache.org/docs/s2-051.html

Trust: 0.8

title: S2-052: Possible Remote Code Execution attack when using the Struts REST plugin with XStream handler to handle XML payloads | url: https://cwiki.apache.org/confluence/display/WW/S2-052

Trust: 0.8

title: Apache Struts REST plugin Fixes for code issue vulnerabilities | url: http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=96764

Trust: 0.6

title: Red Hat: CVE-2017-9805 | url: https://vulmon.com/vendoradvisory?qidtp=red_hat_cve_database&qid=CVE-2017-9805

Trust: 0.1

title: Cisco: Multiple Vulnerabilities in Apache Struts 2 Affecting Cisco Products: September 2017 | url: https://vulmon.com/vendoradvisory?qidtp=cisco_security_advisories_and_alerts_ciscoproducts&qid=cisco-sa-20170907-struts2

Trust: 0.1

title: Brocade Security Advisories: BSA-2017-427 | url: https://vulmon.com/vendoradvisory?qidtp=brocade_security_advisories&qid=a001b1600f58e0e70253dc5b53eaa134

Trust: 0.1

title: Oracle: Oracle Security Alert Advisory - CVE-2017-9805 | url: https://vulmon.com/vendoradvisory?qidtp=oracle_advisories&qid=6b1cb2cef1b849b4466dd22ab18f80c9

Trust: 0.1

title: Oracle: Oracle Critical Patch Update Advisory - October 2017 | url: https://vulmon.com/vendoradvisory?qidtp=oracle_advisories&qid=523d3f220a64ff01dd95e064bd37566a

Trust: 0.1

title: S2-052 | url: https://github.com/iBearcat/S2-052

Trust: 0.1

sources: VULMON: CVE-2017-9805 // JVNDB: JVNDB-2017-006931 // CNNVD: CNNVD-201706-914

EXTERNAL IDS

db: NVD | id: CVE-2017-9805

Trust: 5.4

db: CERT/CC | id: VU#112992

Trust: 3.5

db: BID | id: 100609

Trust: 1.9

db: SECTRACK | id: 1039263

Trust: 1.6

db: EXPLOIT-DB | id: 42627

Trust: 1.6

db: JVN | id: JVNVU92761484

Trust: 0.8

db: JVNDB | id: JVNDB-2017-006931

Trust: 0.8

db: CNNVD | id: CNNVD-201706-914

Trust: 0.6

db: BID | id: 99562

Trust: 0.3

db: BID | id: 99563

Trust: 0.3

db: BID | id: 99484

Trust: 0.3

db: BID | id: 100612

Trust: 0.3

db: BID | id: 100611

Trust: 0.3

db: BID | id: 100829

Trust: 0.3

db: VULMON | id: CVE-2017-9805

Trust: 0.1

sources: CERT/CC: VU#112992 // VULMON: CVE-2017-9805 // BID: 99562 // BID: 99563 // BID: 99484 // BID: 100612 // BID: 100611 // BID: 100609 // BID: 100829 // JVNDB: JVNDB-2017-006931 // CNNVD: CNNVD-201706-914 // NVD: CVE-2017-9805

REFERENCES

url:https://struts.apache.org/docs/s2-052.html

Trust: 2.7

url:https://www.kb.cert.org/vuls/id/112992

Trust: 2.7

url:https://tools.cisco.com/security/center/content/ciscosecurityadvisory/cisco-sa-20170907-struts2

Trust: 2.5

url:https://lgtm.com/blog/apache_struts_cve-2017-9805

Trust: 2.4

url:http://struts.apache.org/

Trust: 2.1

url:http://www.oracle.com/technetwork/security-advisory/cve-2017-9805-products-3905487.html

Trust: 2.1

url:https://bugzilla.redhat.com/show_bug.cgi?id=1488482

Trust: 1.9

url:http://www.securitytracker.com/id/1039263

Trust: 1.6

url:https://security.netapp.com/advisory/ntap-20170907-0001/

Trust: 1.6

url:http://www.securityfocus.com/bid/100609

Trust: 1.6

url:https://blogs.apache.org/foundation/entry/apache-struts-statement-on-equifax

Trust: 1.6

url:http://www.oracle.com/technetwork/security-advisory/alert-cve-2017-9805-3889403.html

Trust: 1.6

url:https://www.exploit-db.com/exploits/42627/

Trust: 1.6

url:https://cwiki.apache.org/confluence/display/ww/s2-052

Trust: 1.6

url:http://httpd.apache.org/

Trust: 1.2

url:https://cwe.mitre.org/data/definitions/502.html

Trust: 0.8

url:https://github.com/rapid7/metasploit-framework/pull/8924/files

Trust: 0.8

url:https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2017-9805

Trust: 0.8

url:https://www.jpcert.or.jp/at/2017/at170033.html

Trust: 0.8

url:http://jvn.jp/vu/jvnvu92761484/index.html

Trust: 0.8

url:http://www.apache.org/

Trust: 0.6

url:http://struts.apache.org/docs/s2-049.html

Trust: 0.3

url:http://struts.apache.org/docs/s2-047.html

Trust: 0.3

url:http://struts.apache.org/announce.html#a20170707

Trust: 0.3

url:http://struts.apache.org/docs/s2-048.html

Trust: 0.3

url:https://bugzilla.redhat.com/show_bug.cgi?id=1488491

Trust: 0.3

url:https://access.redhat.com/security/cve/cve-2017-9804

Trust: 0.3

url:https://struts.apache.org/docs/s2-050.html

Trust: 0.3

url:https://struts.apache.org/docs/s2-051.html

Trust: 0.3

url:https://access.redhat.com/security/cve/cve-2017-9793

Trust: 0.3

url:https://bugzilla.redhat.com/show_bug.cgi?id=1488481

Trust: 0.3

url:https://lgtm.com/blog/apache_struts_cve-2017-9805_announcement

Trust: 0.3

url:https://struts.apache.org/docs/version-notes-2513.html

Trust: 0.3

url:https://access.redhat.com/security/cve/cve-2017-9805

Trust: 0.3

url:https://struts.apache.org/docs/s2-053.html

Trust: 0.3

url:https://tools.cisco.com/security/center/content/ciscosecurityadvisory/cisco-sa-20170909-struts2-rce

Trust: 0.3

url:https://access.redhat.com/security/cve/cve-2017-12611

Trust: 0.3

sources: CERT/CC: VU#112992 // BID: 99562 // BID: 99563 // BID: 99484 // BID: 100612 // BID: 100611 // BID: 100609 // BID: 100829 // JVNDB: JVNDB-2017-006931 // CNNVD: CNNVD-201706-914 // NVD: CVE-2017-9805

CREDITS

Yasser Zamani

Trust: 0.3

sources: BID: 99562

SOURCES

db: CERT/CC | id: VU#112992
db: VULMON | id: CVE-2017-9805
db: BID | id: 99562
db: BID | id: 99563
db: BID | id: 99484
db: BID | id: 100612
db: BID | id: 100611
db: BID | id: 100609
db: BID | id: 100829
db: JVNDB | id: JVNDB-2017-006931
db: CNNVD | id: CNNVD-201706-914
db: NVD | id: CVE-2017-9805

LAST UPDATE DATE

2024-11-27T22:39:42.649000+00:00

SOURCES UPDATE DATE

db: CERT/CC | id: VU#112992 | date: 2017-09-06T00:00:00
db: VULMON | id: CVE-2017-9805 | date: 2019-08-12T00:00:00
db: BID | id: 99562 | date: 2017-09-27T15:00:00
db: BID | id: 99563 | date: 2017-09-27T15:00:00
db: BID | id: 99484 | date: 2017-09-27T15:00:00
db: BID | id: 100612 | date: 2017-09-27T15:00:00
db: BID | id: 100611 | date: 2017-09-27T15:00:00
db: BID | id: 100609 | date: 2017-09-27T10:00:00
db: BID | id: 100829 | date: 2017-09-27T15:00:00
db: JVNDB | id: JVNDB-2017-006931 | date: 2017-09-08T00:00:00
db: CNNVD | id: CNNVD-201706-914 | date: 2019-08-15T00:00:00
db: NVD | id: CVE-2017-9805 | date: 2024-11-21T03:36:53.557

SOURCES RELEASE DATE

db: CERT/CC | id: VU#112992 | date: 2017-09-06T00:00:00
db: VULMON | id: CVE-2017-9805 | date: 2017-09-15T00:00:00
db: BID | id: 99562 | date: 2017-07-13T00:00:00
db: BID | id: 99563 | date: 2017-07-13T00:00:00
db: BID | id: 99484 | date: 2017-07-07T00:00:00
db: BID | id: 100612 | date: 2017-09-05T00:00:00
db: BID | id: 100611 | date: 2017-09-05T00:00:00
db: BID | id: 100609 | date: 2017-09-05T00:00:00
db: BID | id: 100829 | date: 2017-09-07T00:00:00
db: JVNDB | id: JVNDB-2017-006931 | date: 2017-09-07T00:00:00
db: CNNVD | id: CNNVD-201706-914 | date: 2017-06-22T00:00:00
db: NVD | id: CVE-2017-9805 | date: 2017-09-15T19:29:00.237