Ecosyste.ms: Advisories

Security Advisories: MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLXZ3eGotNm01bS1ycnZo

The REST Plugin in Apache Struts is using an outdated XStream library

The REST Plugin in Apache Struts 2.3.7 through 2.3.33 and 2.5 through 2.5.12 is using an outdated XStream library which is vulnerable and allow perform a DoS attack using malicious request with specially crafted XML payload.

Permalink: https://github.com/advisories/GHSA-vwxj-6m5m-rrvh
JSON: https://advisories.ecosyste.ms/api/v1/advisories/MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLXZ3eGotNm01bS1ycnZo
Source: GitHub Advisory Database
Origin: Unspecified
Severity: High
Classification: General
Published: over 5 years ago
Updated: over 1 year ago

CVSS Score: 7.5
CVSS vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

Identifiers: GHSA-vwxj-6m5m-rrvh, CVE-2017-9793
References:

• https://nvd.nist.gov/vuln/detail/CVE-2017-9793
• https://github.com/advisories/GHSA-vwxj-6m5m-rrvh
• https://security.netapp.com/advisory/ntap-20180629-0001/
• https://struts.apache.org/docs/s2-051.html
• https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170907-struts2
• http://www.brocade.com/content/dam/common/documents/content-types/security-bulletin/brocade-security-advisory-2017-429.htm
• http://www.oracle.com/technetwork/security-advisory/alert-cve-2017-9805-3889403.html
• http://www.securityfocus.com/bid/100611
• http://www.securitytracker.com/id/1039262

Blast Radius: 17.4

Affected Packages