Ecosyste.ms: Advisories
An open API service providing security vulnerability metadata for many open source software ecosystems.
Security Advisories: MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLXZ3eGotNm01bS1ycnZo
The REST Plugin in Apache Struts is using an outdated XStream library
The REST Plugin in Apache Struts 2.3.7 through 2.3.33 and 2.5 through 2.5.12 is using an outdated XStream library which is vulnerable and allow perform a DoS attack using malicious request with specially crafted XML payload.
Permalink: https://github.com/advisories/GHSA-vwxj-6m5m-rrvhJSON: https://advisories.ecosyste.ms/api/v1/advisories/MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLXZ3eGotNm01bS1ycnZo
Source: GitHub Advisory Database
Origin: Unspecified
Severity: High
Classification: General
Published: over 5 years ago
Updated: over 1 year ago
CVSS Score: 7.5
CVSS vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
Identifiers: GHSA-vwxj-6m5m-rrvh, CVE-2017-9793
References:
- https://nvd.nist.gov/vuln/detail/CVE-2017-9793
- https://github.com/advisories/GHSA-vwxj-6m5m-rrvh
- https://security.netapp.com/advisory/ntap-20180629-0001/
- https://struts.apache.org/docs/s2-051.html
- https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170907-struts2
- http://www.brocade.com/content/dam/common/documents/content-types/security-bulletin/brocade-security-advisory-2017-429.htm
- http://www.oracle.com/technetwork/security-advisory/alert-cve-2017-9805-3889403.html
- http://www.securityfocus.com/bid/100611
- http://www.securitytracker.com/id/1039262
Affected Packages
maven:org.apache.struts:struts2-rest-plugin
Dependent packages: 11Dependent repositories: 212
Downloads:
Affected Version Ranges: < 2.3.34, >= 2.5.0, <= 2.5.12
Fixed in: 2.3.34, 2.5.13
All affected versions: 2.1.2, 2.1.6, 2.1.8, 2.2.1, 2.2.3, 2.3.1, 2.3.3, 2.3.4, 2.3.7, 2.3.8, 2.3.12, 2.3.14, 2.3.15, 2.3.16, 2.3.20, 2.3.24, 2.3.28, 2.3.29, 2.3.30, 2.3.31, 2.3.32, 2.3.33, 2.5.1, 2.5.2, 2.5.5, 2.5.8, 2.5.10, 2.5.12
All unaffected versions: 2.3.34, 2.3.35, 2.3.36, 2.3.37, 2.5.13, 2.5.14, 2.5.16, 2.5.17, 2.5.18, 2.5.20, 2.5.22, 2.5.25, 2.5.26, 2.5.27, 2.5.28, 2.5.29, 2.5.30, 2.5.31, 2.5.32, 2.5.33, 6.0.0, 6.0.3, 6.1.1, 6.1.2, 6.2.0, 6.3.0, 6.4.0