← ExploitWatch
HomeExploited Vulnerabilities

CVE-2017-9791 — Actively Exploited: Struts 1 (Apache)

The Struts 1 plugin in Apache Struts might allow remote code execution via a malicious field value passed in a raw message to the ActionMessage.

CVE IDCVE-2017-9791
VendorApache
ProductStruts 1
Vulnerability nameApache Struts 1 Improper Input Validation Vulnerability
Date added2022-02-10
Remediation due2022-08-10
Known ransomware useUnknown
Required actionApply updates per vendor instructions.
DescriptionThe Struts 1 plugin in Apache Struts might allow remote code execution via a malicious field value passed in a raw message to the ActionMessage.
SourceCISA Known Exploited Vulnerabilities

🔍 Search all exploited vulnerabilities →