CVE-2017-9805 — Actively Exploited: Struts (Apache)
Apache Struts REST Plugin uses an XStreamHandler with an instance of XStream for deserialization without any type filtering, which can lead to remote code execution when deserializing XML payloads.
| CVE ID | CVE-2017-9805 |
|---|---|
| Vendor | Apache |
| Product | Struts |
| Vulnerability name | Apache Struts Deserialization of Untrusted Data Vulnerability |
| Date added | 2021-11-03 |
| Remediation due | 2022-05-03 |
| Known ransomware use | Unknown |
| Required action | Apply updates per vendor instructions. |
| Description | Apache Struts REST Plugin uses an XStreamHandler with an instance of XStream for deserialization without any type filtering, which can lead to remote code execution when deserializing XML payloads. |
| Source | CISA Known Exploited Vulnerabilities |
🔍 Search all exploited vulnerabilities →
$1499/mo
Try ExploitWatch →