CVE-2017-9805

Published: 15/09/2017 Updated: 12/08/2019
CVSS v2 Base Score: 6.8 | Impact Score: 6.4 | Exploitability Score: 8.6
CVSS v3 Base Score: 8.1 | Impact Score: 5.9 | Exploitability Score: 2.2
VMScore: 748
Vector: AV:N/AC:M/Au:N/C:P/I:P/A:P

Vulnerability Summary

The REST Plugin in Apache Struts 2.1.1 up to and including 2.3.x prior to 2.3.34 and 2.5.x prior to 2.5.13 uses an XStreamHandler with an instance of XStream for deserialization without any type filtering, which can lead to Remote Code Execution when deserializing XML payloads.

Affected Products

Vendor: Apache
Product: Struts
Versions: 2.1.2, 2.1.3, 2.1.4, 2.1.5, 2.1.6, 2.1.8, 2.1.8.1, 2.2.1, 2.2.1.1, 2.2.3, 2.2.3.1, 2.3.1, 2.3.1.1, 2.3.1.2, 2.3.3, 2.3.4, 2.3.4.1, 2.3.7, 2.3.8, 2.3.12, 2.3.14, 2.3.14.1, 2.3.14.2, 2.3.14.3, 2.3.15, 2.3.15.1, 2.3.15.2, 2.3.15.3, 2.3.16, 2.3.16.1, 2.3.16.2, 2.3.16.3, 2.3.20, 2.3.20.1, 2.3.20.3, 2.3.24, 2.3.24.1, 2.3.24.3, 2.3.28, 2.3.28.1, 2.3.29, 2.3.30, 2.3.31, 2.3.32, 2.3.33, 2.5.1, 2.5.2, 2.5.3, 2.5.4, 2.5.5, 2.5.6, 2.5.7, 2.5.8, 2.5.9, 2.5.10, 2.5.10.1, 2.5.11, 2.5.12

Vendor Advisories

The REST Plugin in Apache Struts2 is using an XStreamHandler with an instance of XStream for deserialization without any type filtering, which could lead to Remote Code Execution when deserializing XML payloads. An attacker could use this flaw to execute arbitrary code or conduct further attacks ...
On September 5, 2017, the Apache Software Foundation released security bulletins that disclosed three vulnerabilities in the Apache Struts 2 package. Of these vulnerabilities, the Apache Software Foundation classifies one as Critical Severity, one as Medium Severity, and one as Low Severity. For more information about the vulnerabilities, refer to ...
Summary: The REST Plugin in Apache Struts2 is using an XStreamHandler with an instance of XStream for deserialization without any type filtering, which could lead to Remote Code Execution when deserializing XML payloads. An attacker could use this flaw to execute arbitrary code or conduct further attacks. Affected Products: Brocade is inves ...
Oracle Security Alert Advisory - CVE-2017-9805. Description: The Apache Foundation's fixes for CVE-2017-5638, an Apache Struts 2 vulnerability identified by Equifax in relation to Equifax's recent security incident, were distributed by Oracle to its customers in the April 2017 Critical Patch Update, and should have already been applied to customer ...
Oracle Critical Patch Update Advisory - October 2017. Description: A Critical Patch Update (CPU) is a collection of patches for multiple security vulnerabilities. Critical Patch Update patches are usually cumulative, but each advisory describes only the security fixes added since the ...

Exploits

# Exploit Title: Struts 2.5 - 2.5.12 REST Plugin XStream RCE
# Google Dork: filetype:action
# Date: 06/09/2017
# Exploit Author: Warflop
# Vendor Homepage: struts.apache.org/
# Software Link: mirror.nbtelecom.com.br/apache/struts/2.5.10/struts-2.5.10-all.zip
# Version: Struts 2.5 – Struts 2.5.12
# Tested on: Struts 2.5.10
# CVE : 2 ...

Mailing Lists

Apache Struts versions 2.5 through 2.5.12 using the REST plugin are vulnerable to a Java deserialization attack in the XStream library ...
Apache Struts versions 2.5 through 2.5.12 REST plugin XStream remote code execution exploit ...

Metasploit Modules

Apache Struts 2 REST Plugin XStream RCE

Apache Struts versions 2.1.2 - 2.3.33 and Struts 2.5 - Struts 2.5.12, using the REST plugin, are vulnerable to a Java deserialization attack in the XStream library.

msf > use exploit/multi/http/struts2_rest_xstream
msf exploit(struts2_rest_xstream) > show targets
    ...targets...
msf exploit(struts2_rest_xstream) > set TARGET <target-id>
msf exploit(struts2_rest_xstream) > show options
    ...show and set options...
msf exploit(struts2_rest_xstream) > exploit

Github Repositories

Vulnerability information. Resources: * cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-9805 What is this? A Python exploit script capable of executing remote commands in the shell of a system hosting a Struts2 instance vulnerable to S2-052. Usage: ╭─root@blackshell ~/ ╰─# python s2-052.py --target '192.168.0.233/orders/3' --command "echo pwned | te

CVE-2017-9805 (S2-052) reverse shell exploit. Affected versions: Struts 2.1.2 - Struts 2.3.33, Struts 2.5 - Struts 2.5.12. PoC: Content-Type: application/xml <map> <entry> <jdk.nashorn.internal.objects.NativeString> <flags>0</flags> <value class="com.sun.xml.internal.bind.v2.runtime.unmarshaller.Base64D

struts-pwn - CVE-2017-9805 Exploit. An exploit for Apache Struts CVE-2017-9805. Usage: Check if the vulnerability exists against a single URL: python struts-pwn.py --url 'example.com/struts2-rest-showcase/orders/3' Check if the vulnerability exists against a list of URLs: python struts-pwn.py --list 'urls.txt' Exploit a single URL: python struts-pwn.py -

apache-struts-pwn - CVE-2017-9805 Exploit. An exploit for Apache Struts CVE-2017-9805. Usage: Check if the vulnerability exists against a single URL: python apache-struts-pwn.py --url 'example.com/struts2-rest-showcase/orders/3' Check if the vulnerability exists against a list of URLs: python apache-struts-pwn.py --list 'urls.txt' Exploit a single URL: p

S2-052 PoC. Usage: python CVE-2017-9805-S2-052-POC.py 127.0.0.1/orders/ The script is only a PoC for verifying whether the vulnerability exists.

Struts2 Vulnerability - CVE-2017-9805. Description: Apache Struts2 REST Plugin XStream RCE (CVE-2017-9805). Usage: cve_2017_9805_poc.rb [target_uri] [cmd] #> ruby cve_2017_9805_poc.rb 127.0.0.1 ping -c 4 192.168.0.1

CVE-2017-9805.py: Better Exploit Code For CVE 2017 9805 apache struts. Should be mostly error proof. Why Recode? Found that most of the exploit code online simply used string concatenation to insert user supplied commands into an XML string. This isn't very reliable, as XML requires certain special characters to use encoding. As such, it will trip an error, causing those scri

Apache Struts2 S2-052 (CVE-2017-9805) remote code execution vulnerability. 0x00 Vulnerability description: Apache Struts is an open-source project maintained by the Apache Software Foundation in the US; it is an open-source MVC framework for building enterprise-grade Java web applications. Struts2 is a web application framework based on the MVC design pattern; it is essentially a servlet, and in the MVC design pattern Struts2 acts as the controller

HHC2017: Holiday Hack 2017 Report I submitted for SANS Holiday Hack 2017. I didn't have a lot of time to work on the report, so some details may be missing. There may be something in here that will be helpful to someone. pagedownload.py will download all pages of the Great Book at once. testcve20179805.py is a script I downloaded from github.com/mazen160/struts-pw

Description: Apache Struts RCE tool for CVE 2017-9805. Options: u: the target url; c: the command that'll be executed on a vulnerable target; f: automatically checks for RCE using a list of targets (one target per line); p: specify the port for a local listener - used with f option - (default: 8080). Usage: go run main.go -u target -c command go run main.go -f filename go r

Struts 2.5 - 2.5.12 REST Plugin XStream RCE

Struts2_rce_XStream_Plugin: An RCE attack is possible when using the Struts REST plugin with the XStream handler to deserialize XML requests. Affected Software: Struts 2.1.2 - Struts 2.3.33, Struts 2.5 - Struts 2.5.12. CVE: CVE-2017-9805. For a patch, update the Struts version to 2.5.13.

apache-exploit. Description: Apache exploit is a simple demonstration of the Apache Struts vulnerability (CVE-2017-9805) inside a single Kubernetes namespace. There are no external dependencies other than the cluster DNS. The purpose of running inside a Kubernetes namespace is simplicity. This demo is intended to show how Aporto protects from the Apache Struts vulnerability and i

Payloads All The Things: A list of useful payloads and bypasses for Web Application Security. Feel free to improve with your payloads and techniques! I <3 pull requests :) You can also contribute with a beer IRL or with buymeacoffee.com. Every section contains: README.md - vulnerability description and how to exploit it; Intruders - a set of files to give to Burp Intrude

CVE-shellshock: Common Vulnerabilities and Exposures. Big CVEs in the last 5 years. CVE-2014-0160 - Heartbleed: The Heartbleed Bug is a serious vulnerability in the popular OpenSSL cryptographic software library. This weakness allows stealing the information protected, under normal conditions, by the SSL/TLS encryption used to secure the Internet. SSL/TLS provides communication se

CVE-in-Ruby: It's a repository to import public exploits to be written in Ruby without Metasploit complication. Why not Metasploit? To educate people how to write exploits using Ruby. To write exploits for CVEs that don't have one, in a simple way. To avoid Metasploit complications. But we still LOVE Metasploit. To list common exploits that we face in PT that may or

ABOUT: Sn1per is an automated scanner that can be used during a penetration test to enumerate and scan for vulnerabilities. DEMO VIDEO: FEATURES: Automatically collects basic recon (i.e. whois, ping, DNS, etc.). Automatically launches Google hacking queries against a target domain. Automatically enumerates open ports via Nmap port scanning. Automatically brute forces sub-doma

ABOUT: Kn0ck is an automated scanner that can be used during penetration testing to enumerate and scan for vulnerabilities. KN0CK FEATURES: Automatically collects basic recon. Automatically launches Google hacking queries against a target domain. Automatically enumerates open ports via Nmap port scanning. Automatically brute forces sub-domains, gathers DNS info and checks f

ABOUT: Sn1per Community Edition is an automated scanner that can be used during a penetration test to enumerate and scan for vulnerabilities. Sn1per Professional is Xero Security's premium reporting addon for Professional Penetration Testers, Bug Bounty Researchers and Corporate Security teams to manage large environments and pentest scopes. For more information regarding

ActiveScan++: ActiveScan++ extends Burp Suite's active and passive scanning capabilities. Designed to add minimal network overhead, it identifies application behaviour that may be of interest to advanced testers: Potential host header attacks (password reset poisoning, cache poisoning, DNS rebinding); Edge Side Includes; XML input handling; Suspicious input transformation (e.g.

Etrata CI Vuln Scanner. What is it? This is a lightweight Python script that will load/read a directory of CVEs and allow you to search on them. Usage: etrata -n struts -v 2.3.32 >'CVE-2017-9787', >'CVE-2017-9791', >'CVE-2017-9793', >'CVE-2017-9804', >'CVE-2017-9805', >'CVE-2018

Payloads All The Things: A list of useful payloads and bypasses for Web Application Security. Feel free to improve with your payloads and techniques! I <3 pull requests :) You can also contribute with a beer IRL or with buymeacoffee.com. Every section contains the following files; you can use the _template_vuln folder to create a new chapter: README.md - vulnerability d

Walkthrough and notes of Boot2root CTFs from VulnHub

Alien-Framework. Version: shellmaster - v4. More CVE Exploits. Install and use: [1] git clone github.com/colorblindpentester/Alien-Framework [2] cd Alien-Framework [3] python3 alien-framework.py Features: [1] Completely automatic (No requirements.txt) [2] Easy to use [3] For Kali Linux and Parrot

List of payloads and methodologies for CTF/pentesting/websec

LDAPi: add scripts and dorks

PayloadsAllTheThings_bak

Exploits Containing Self Made Perl Reproducers / PoC Codes. This Git Repository Contains Personal Works That I Do In My Free Time. Donations / Support: If you want to support/help me/my projects: BTC : 1N9BgzVVT8ye3UEUXb2p7Pum7RbmEx3byz ETC : 0x789bc32e951ccdaa5702d70fe02e21f596baa085 ETH : 0x789bc32e951ccdaa5702d70fe02e21f596baa085 LTC : LVSPDkX5Dr95cKqQnCMoLgYyzGBdtSsi3y T

Payloads All The Things A list of useful payloads and bypasses for Web Application Security Feel free to improve with your payloads and techniques ! I &lt;3 pull requests :) You can also contribute with a beer IRL or with buymeacoffeecom Every section contains the following files, you can use the _template_vuln folder to create a new chapter: READMEmd - vulnerability d

Jok3r - Network and Web Pentest Framework. Jok3r is a Python3 CLI application aimed at helping penetration testers with network infrastructure and black-box web security testing. Its main goal is to save time on everything that can be automated on the network/web being audited, so that more time is left for the things that are more ...

Jok3r v3 beta: Network & Web Pentest Automation Framework. www.jok3r-framework.com WARNING: Project is still in version 3 BETA. It is still under active development and bugs might be present. Many tests are going on: see github.com/koutto/jok3r/blob/master/tests/TESTS.rst. Ideas, bug reports, contributions are welcome! Overview Features Demos Architecture

[fix] add shodan lib

Java-Deserialization-Cheat-Sheet: A cheat sheet for pentesters and researchers about deserialization vulnerabilities in various Java (JVM) serialization libraries. Please use the #javadeser hashtag for tweets. Table of content: Java Native Serialization (binary); Overview; Main talks & presentations & docs; Payload generators; Exploits; Detect; Vulnerable apps (without

Awesome CVE PoC: A curated list of CVE PoCs. Here is a collection about Proof of Concepts of Common Vulnerabilities and Exposures, and you may also want to check out awesome-web-security. Please read the contribution guidelines before contributing. This repo is full of PoCs for CVEs. If you enjoy this awesome list and would like to support it, check out my Patreon page:

Recent Articles

Active Attacks Detected Using Apache Struts Vulnerability CVE-2018-11776
BleepingComputer • Catalin Cimpanu • 28 Aug 2018

After last week a security researcher revealed a vulnerability in Apache Struts, a piece of very popular enterprise software, active exploitation attempts have started this week.
The vulnerability in question is tracked as CVE-2018-11776, a remote code execution flaw that allows an attacker to gain control over Struts-based web applications.
The vulnerability is not exploitable in default Struts configurations, according to an analysis by Palo Alto Networks, but the flaw is of intere...

Coinminer Campaigns Target Redis, Apache Solr, and Windows Servers
BleepingComputer • Catalin Cimpanu • 10 Mar 2018

Windows Server, Apache Solr, and Redis servers have been targeted this week by cyber-criminals looking to take over unpatched machines and install malware that mines cryptocurrency (known as a coinminer).
Two separate campaigns have been spotted, both very active this week. One by the Imperva crew, targeting Redis and Windows Servers, and another by the ISC SANS team, targeting Apache Solr installations.
The most active of the two was a campaign that Imperva nicknamed RedisWannaMine....

Oracle corrals and patches Struts 2 vulnerabilities
The Register • Richard Chirgwin • 27 Sep 2017

Big Red issues out-of-band patch for Apache and a few other urgent issues

Oracle has stepped outside its usual quarterly security fix cycle to address the latest Apache Struts 2 vulnerability.
Ever since it emerged at the start of September, CVE-2017-9805 has been (in the words of a former Australian prime minister) “a shiver looking for a spine to crawl up”, because so many vendors use Apache to build Web interfaces and bake Struts 2 into their Web application framework.
Big Red's sprawling product set meant fixes had to be deployed across more ...

Oracle Patches Apache Struts, Reminds Users to Update Equifax Bug
Threatpost • Chris Brook • 26 Sep 2017

Oracle released fixes for a handful of recently patched Apache Struts 2 vulnerabilities, including a critical remote code execution vulnerability (CVE-2017-9805) that could let an attacker take control of an affected system, late last week.
The Apache Software Foundation patched the RCE vulnerability, which affects servers running apps built using the Struts framework and its REST communication plugin, earlier this month.
Scores of Oracle products, roughly two dozen in total, are aff...

Equifax Confirms March Struts Vulnerability Behind Breach
Threatpost • Chris Brook • 14 Sep 2017

Equifax said the culprit behind this summer’s massive breach of 143 million Americans was indeed CVE-2017-5638, an Apache Struts vulnerability patched back in March.
The bug was widely assumed by experts to be the “U.S. website application vulnerability” implicated by the company last Thursday, especially after an Apache spokeswoman told Reuters on Friday that it appeared the consumer credit reporting agency hadn’t applied patches for flaws discovered earlier this year.
On We...

Equifax Confirms Hackers Used Apache Struts Vulnerability to Breach Its Servers
BleepingComputer • Catalin Cimpanu • 14 Sep 2017

In an update posted to its security breach website, Equifax said hackers used an Apache Struts security bug to breach its servers and later steal data on over 143 million customers, from both the US and the UK. We quote:
Equifax's confirmation comes after a report from equity research firm Baird circulated last week blaming the same flaw.
At the time it was discovered, in March 2017, the Apache Struts CVE-2017-5638 vulnerability was a zero-day — a term used to describe security bug...

Apache Foundation Refutes Involvement in Equifax Breach
Threatpost • Chris Brook • 11 Sep 2017

A group of developers behind Apache Struts, believed by some to be the culprit behind last week’s Equifax breach, took umbrage with those claims over the weekend.
René Gielen, vice president of the Apache Struts Project Management Committee (PMC) at the Apache Software Foundation, wrote Saturday that if Struts was targeted, it’s unclear which vulnerability, if any was exploited.
The letter, which was written on behalf of the Struts PMC, was spurred by an internal analyst report...

Apache Foundation rebuffs allegation it allowed Equifax attack
The Register • Simon Sharwood • 11 Sep 2017

Timeline explains that either Equifax didn't patch old bugs, or was zero-dayed

The Apache Software Foundation has defended its development practices in the face of a report alleging its code was responsible for the Equifax data leak.
QZ.com, an outlet run by Atlantic Media, alleged that the hack was the result of an attack on Apache Struts, which as we reported last week was found to have a flaw allowing malware to be injected into corporate networks. The outlet pointed out that the flaw may have been present in Struts for nine years.
Which has Apache antsy, as...

Apache Struts Vulnerabilities May Affect Many of Cisco's Products
BleepingComputer • Catalin Cimpanu • 11 Sep 2017

Cisco has initiated a mass security audit of all its products that incorporate a version of the Apache Struts framework, recently affected by a series of vulnerabilities, one of which is under active exploitation.
Cisco engineers will test all the software products for four Apache Struts security bugs disclosed last week.
The company is keeping a list of To-Be-Tested, Vulnerable, and Confirmed Not Vulnerable products in two security advisories, here and here.
The first Cisco se...

New Apache Struts Vulnerability Puts Many Fortune Companies at Risk
BleepingComputer • Catalin Cimpanu • 06 Sep 2017

An estimated 65% of Fortune 100 companies could be vulnerable to a security bug discovered in Apache Struts, a popular Java MVC framework used in the development of many top-grade enterprise applications.
Man Yue Mo, a security researcher with lgtm.com, found this flaw — tracked under the identifier of CVE-2017-9805. The vulnerability resides in Apache Struts’ REST plugin, a must-have in almost all Struts enterprise deployments.
According to the researcher, the weakness is caused by the way...

Apache Struts you're stuffed: Vuln allows hackers to inject evil code into biz servers
The Register • John Leyden • 05 Sep 2017

All versions of app framework since 2008 affected – so patch!

Malicious code can be pushed into servers running Apache Struts 2 apps, allowing scumbags to run malware within corporate networks.
The critical security vulnerability was discovered by researchers at Semmle, who today went public with their find. Apache Struts is a popular open-source framework for developing applications in Java.
All versions of Struts since 2008 are affected and all web applications using the framework’s popular REST plugin are vulnerable – exposing o...

Patch Released for Critical Apache Struts Bug
Threatpost • Tom Spring • 05 Sep 2017

The Apache Software Foundation has patched a critical remote code execution vulnerability affecting all versions of the popular application development framework Struts since 2008.
All web applications using the framework’s REST plugin are vulnerable. Users are advised to upgrade their Apache Struts components as a matter of urgency, according to Semmle, a software engineering analytics firm that first identified the bug.
“This particular vulnerability allows a remote attacker t...