Vulnerability Description
The REST Plugin in Apache Struts 2.1.x, 2.3.7 through 2.3.33 and 2.5 through 2.5.12 is using an outdated XStream library which is vulnerable and allow perform a DoS attack using malicious request with specially crafted XML payload.
CVSS Score
HIGH
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Apache | Struts | 2.3.7 |
Related Weaknesses (CWE)
References
- http://www.brocade.com/content/dam/common/documents/content-types/security-bulleThird Party Advisory
- http://www.oracle.com/technetwork/security-advisory/alert-cve-2017-9805-3889403.PatchThird Party Advisory
- http://www.securityfocus.com/bid/100611Third Party AdvisoryVDB Entry
- http://www.securitytracker.com/id/1039262Third Party AdvisoryVDB Entry
- https://security.netapp.com/advisory/ntap-20180629-0001/
- https://struts.apache.org/docs/s2-051.htmlPatchVendor Advisory
- https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-2Third Party Advisory
- http://www.brocade.com/content/dam/common/documents/content-types/security-bulleThird Party Advisory
- http://www.oracle.com/technetwork/security-advisory/alert-cve-2017-9805-3889403.PatchThird Party Advisory
- http://www.securityfocus.com/bid/100611Third Party AdvisoryVDB Entry
- http://www.securitytracker.com/id/1039262Third Party AdvisoryVDB Entry
- https://security.netapp.com/advisory/ntap-20180629-0001/
- https://struts.apache.org/docs/s2-051.htmlPatchVendor Advisory
- https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-2Third Party Advisory
FAQ
What is CVE-2017-9793?
CVE-2017-9793 is a vulnerability with a CVSS score of 7.5 (HIGH). The REST Plugin in Apache Struts 2.1.x, 2.3.7 through 2.3.33 and 2.5 through 2.5.12 is using an outdated XStream library which is vulnerable and allow perform a DoS attack using malicious request with...
How severe is CVE-2017-9793?
CVE-2017-9793 has been rated HIGH with a CVSS base score of 7.5/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2017-9793?
Check the references section above for vendor advisories and patch information. Affected products include: Apache Struts.