CVE-2017-9791

Published: 10/07/2017 Updated: 28/05/2020
CVSS v2 Base Score: 7.5 | Impact Score: 6.4 | Exploitability Score: 10
CVSS v3 Base Score: 9.8 | Impact Score: 5.9 | Exploitability Score: 3.9
VMScore: 762
Vector: AV:N/AC:L/Au:N/C:P/I:P/A:P

Vulnerability Summary

The Struts 1 plugin in Apache Struts 2.1.x and 2.3.x might allow remote code execution via a malicious field value passed in a raw message to the ActionMessage.

Vulnerable Product

apache struts 2.3.1

apache struts 2.3.1.1

apache struts 2.3.1.2

apache struts 2.3.3

apache struts 2.3.4

apache struts 2.3.4.1

apache struts 2.3.7

apache struts 2.3.8

apache struts 2.3.12

apache struts 2.3.14

apache struts 2.3.14.1

apache struts 2.3.14.2

apache struts 2.3.14.3

apache struts 2.3.15

apache struts 2.3.15.1

apache struts 2.3.15.2

apache struts 2.3.15.3

apache struts 2.3.16

apache struts 2.3.16.1

apache struts 2.3.16.2

apache struts 2.3.16.3

apache struts 2.3.20

apache struts 2.3.20.1

apache struts 2.3.20.3

apache struts 2.3.24

apache struts 2.3.24.1

apache struts 2.3.24.3

apache struts 2.3.28

apache struts 2.3.28.1

apache struts 2.3.29

apache struts 2.3.30

apache struts 2.3.31

apache struts 2.3.32

Vendor Advisories

The Struts 1 plugin in Apache Struts 2.3.x might allow remote code execution via a malicious field value passed in a raw message to the ActionMessage ...

Exploits

Apache Struts 2.3.x Showcase remote code execution proof of concept exploit ...
#!/usr/bin/python
# -*- coding: utf-8 -*-
# Just a demo for CVE-2017-9791
import requests

def exploit(url, cmd):
    print("[+] command: %s" % cmd)
    payload = "%{"
    payload += "(#dm=@ognlOgnlContext@DEFAULT_MEMBER_ACCESS)"
    payload += "(#_memberAccess?(#_memberAccess=#dm):"
    payload += "((#container=#context['comopensymphonyxw ...

##
# This module requires Metasploit: metasploit.com/download
# Current source: github.com/rapid7/metasploit-framework
##
class MetasploitModule < Msf::Exploit::Remote
  Rank = ExcellentRanking
  include Msf::Exploit::Remote::HttpClient
  def initialize(info = {})
    super(update_info(info,
      'Name' => 'Apach ...

Github Repositories

A simple framework for vulnerability scanner known web CVEs.

webcve-scan
The goal of this tool is to send PoC payloads to verify server-side attack detection solutions. If detected, the server side should return a specified HTTP code.
test
Usage
Basic: ./webcve.py --url target-site.com
Specify detected response code (default is 403): ./webcve.py --url target-site.com --status-code

CVE-2017-9791

Struts2-048 CVE-2017-9791
Author: DragonEgg
def Usage():
    print 'check:'
    print ' python file.py 1111/struts2-showcase/integration/saveGangster.action'
    print 'poc:'
    print ' python file.py 1111/struts2-showcase/integration/saveGangster.action command'
Demo

A simple framework for sending test payloads for known web CVEs.

web-cve-tests
The goal of this tool is to send PoC payloads to verify server-side attack detection solutions. If detected, the server side should return a specified HTTP status code. This tool is not intended to actually exploit the vulnerability or to test for the existence of the vulnerability.
Usage
Basic: ./webcve.py --url target-site.com

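Exploits for some CMSes

CMS-Hunter
Introduction: Content Management System Vulnerability Hunter
Note: For now, this project will be maintained over the long term; if you have suggestions for changes or ideas, feel free to contact the author.
CMS vulnerability list
ThinkPHP: ThinkPHP_323-5010_cache function design flaw
Discuz: Discuz_<34_birthprovince_front-end arbitrary file deletion
DedeCMS: DedeCMS_v57_shops_delivery_stored XSS, DedeCMS_v57_car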

Apache struts struts 2 048, CVE-2017-9791.

s2-048 Exp for s2-048, CVE-2017-9791

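CMS-Hunter
Introduction: Content Management System Vulnerability Hunter
Note: For now, this project will be maintained over the long term; if you have suggestions for changes or ideas, feel free to contact the author.
CMS vulnerability list
Discuz: Discuz_<34_birthprovince_front-end arbitrary file deletion
DedeCMS: DedeCMS_v57_shops_delivery_stored XSS, DedeCMS_v57_carbuyaction_stored XSS, DedeCMS_v57_friend-link CSRF_GetSh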

st2-048

St2-048 Remote Code Execution Vulnerability
Apache Struts 2 possible RCE in the Struts Showcase app in the Struts 1 plugin example in the Struts 2.3.x series
struts.apache.org/docs/s2-048.html
cwiki.apache.org/confluence/display/WW/S2-048
Use-Age:
> python St2-048.py
set url : xxxxxxxx:port/integration/saveGangster.action
cmd >>:

Metasploit module for Apache Struts CVE-2017-9791 Remote Code Execution Vulnerability

CVE-2017-9791 Metasploit module for Apache Struts CVE-2017-9791 Remote Code Execution Vulnerability

Recent Articles

Oracle corrals and patches Struts 2 vulnerabilities
The Register • Richard Chirgwin • 27 Sep 2017

Big Red issues out-of-band patch for Apache and a few other urgent issues

Oracle has stepped outside its usual quarterly security fix cycle to address the latest Apache Struts 2 vulnerability. Ever since it emerged at the start of September, CVE-2017-9805 has been (in the words of a former Australian prime minister) “a shiver looking for a spine to crawl up”, because so many vendors use Apache to build Web interfaces and bake Struts 2 into their Web application framework. Big Red's sprawling product set meant fixes had to be deployed across more than 20 prod...