1. Home
  2. Mapping Frameworks
  3. Known Exploited Vulnerabilities Home
  4. Apache Struts Deserialization of Untrusted Data Vulnerability

Known Exploited Vulnerabilities CVE-2017-9805

The REST Plugin in Apache Struts 2.1.1 through 2.3.x before 2.3.34 and 2.5.x before 2.5.13 uses an XStreamHandler with an instance of XStream for deserialization without any type filtering, which can lead to Remote Code Execution when deserializing XML payloads.

Mappings

Capability ID Capability Description Mapping Type ATT&CK ID ATT&CK Name Notes
CVE-2017-9805 Apache Struts Deserialization of Untrusted Data Vulnerability primary_impact T1059 Command and Scripting Interpreter
Comments
CVE-2017-9805 is a deserialization vulnerability in the Apache Struts REST Plugin that could allow an attacker to execute arbitrary commands remotely on the affected systems by sending a specially crafted web request to the application.
References
  1. https://securityaffairs.com/62746/hacking/struts-cve-2017-9805-flaw.html
  2. https://www.rapid7.com/blog/post/2017/09/06/apache-struts-s2-052-cve-2017-9805-what-you-need-to-know/
CVE-2017-9805 Apache Struts Deserialization of Untrusted Data Vulnerability exploitation_technique T1190 Exploit Public-Facing Application
Comments
CVE-2017-9805 is a deserialization vulnerability in the Apache Struts REST Plugin that could allow an attacker to execute arbitrary commands remotely on the affected systems by sending a specially crafted web request to the application.
References
  1. https://www.rapid7.com/blog/post/2017/09/06/apache-struts-s2-052-cve-2017-9805-what-you-need-to-know/
  2. https://securityaffairs.com/62746/hacking/struts-cve-2017-9805-flaw.html