CVE-2017-9805

Scores

EPSS

EPSS Score: 0.943 (high)

Percentile: 94.3%

CVSS

CVSS Score: 8.1/10 (high, CVSS 3.x)

All CVSS Scores

CVSS 3.x
8.1

Vector: CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H

CVSS 2.0
6.8

Vector: AV:N/AC:M/Au:N/C:P/I:P/A:P

Description

The REST Plugin in Apache Struts 2.1.1 through 2.3.x before 2.3.34 and 2.5.x before 2.5.13 uses an XStreamHandler with an instance of XStream for deserialization without any type filtering, which can lead to Remote Code Execution when deserializing XML payloads.


Sources

debian, nvd, ubuntu

CWEs

CWE-20, CWE-502

Related Vulnerabilities

Exploits

Exploit ID: CVE-2017-9805

Source: cisa

URL: https://www.cisa.gov/known-exploited-vulnerabilities-catalog

Exploit ID: 42627

Source: exploitdb

URL: https://www.exploit-db.com/exploits/42627

Vulnerable Software (10)

Type: Configuration

Product: libstruts1.2-java

Operating System: debian

Trait:
{  "unfixed": true}

Source: debian

Type: Configuration

Product: libstruts1.2-java

Operating System: debian wheezy 7

Trait:
{  "unaffected": true}

Source: debian

Type: Configuration

Product: libstruts1.2-java

Operating System: ubuntu trusty 14.04

Trait:
{  "unaffected": true}

Source: ubuntu

Type: Configuration

Vendor: *

Product: digital_media_manager

Operating System: * * *

Trait:
{  "cpe_match": [    {      "cpe23uri": "cpe:2.3:a:cisco:digital_media_manager:-:*:*:*:*:*:*:*",      "vulnerable": true    },    {      "cpe23uri": "cpe:2.3:a:cisco:hosted_collaboration_soluti...

Source: nvd

Type: Configuration

Vendor: *

Product: hosted_collaboration_solution

Operating System: * * *

Trait:
{  "cpe_match": [    {      "cpe23uri": "cpe:2.3:a:cisco:digital_media_manager:-:*:*:*:*:*:*:*",      "vulnerable": true    },    {      "cpe23uri": "cpe:2.3:a:cisco:hosted_collaboration_soluti...

Source: nvd

Type: Configuration

Vendor: *

Product: media_experience_engine

Operating System: * * *

Trait:
{  "cpe_match": [    {      "cpe23uri": "cpe:2.3:a:cisco:digital_media_manager:-:*:*:*:*:*:*:*",      "vulnerable": true    },    {      "cpe23uri": "cpe:2.3:a:cisco:hosted_collaboration_soluti...

Source: nvd

Type: Configuration

Vendor: *

Product: network_performance_analysis

Operating System: * * *

Trait:
{  "cpe_match": [    {      "cpe23uri": "cpe:2.3:a:cisco:digital_media_manager:-:*:*:*:*:*:*:*",      "vulnerable": true    },    {      "cpe23uri": "cpe:2.3:a:cisco:hosted_collaboration_soluti...

Source: nvd

Type: Configuration

Vendor: *

Product: oncommand_balance

Operating System: * * *

Trait:
{  "cpe_match": [    {      "cpe23uri": "cpe:2.3:a:netapp:oncommand_balance:-:*:*:*:*:*:*:*",      "vulnerable": true    }  ],  "operator": "OR"}

Source: nvd

Type: Configuration

Vendor: *

Product: struts

Operating System: * * *

Trait:
{  "cpe_match": [    {      "cpe23uri": "cpe:2.3:a:apache:struts:*:*:*:*:*:*:*:*",      "versionEndExcluding": "2.3.34",      "versionStartIncluding": "2.1.2",      "vulnerable": true    },   ...

Source: nvd

Type: Configuration

Vendor: *

Product: video_distribution_suite_for_internet_streaming

Operating System: * * *

Trait:
{  "cpe_match": [    {      "cpe23uri": "cpe:2.3:a:cisco:digital_media_manager:-:*:*:*:*:*:*:*",      "vulnerable": true    },    {      "cpe23uri": "cpe:2.3:a:cisco:hosted_collaboration_soluti...

Source: nvd
