Description
The Struts 1 plugin in Apache Struts 2.1.x and 2.3.x might allow remote code execution via a malicious field value passed in a raw message to the ActionMessage.
CVSS breakdown
CVSS 3.1
Attack Vector
Network
Attack Complexity
Low
Privileges Required
None
User Interaction
None
Scope
Unchanged
Confidentiality
High
Integrity
High
Availability
High
Affected products
- Apache Software Foundation / Apache Struts2.1.x series – 2.1.x series
- Apache Software Foundation / Apache Struts2.3.x series – 2.3.x series
Exploits & PoCs
- nucleiApache Struts2 S2-053 - Remote Code Executionby pikpikcu
References
- VENDOR_ADVISORYhttp://www.oracle.com/technetwork/security-advisory/alert-cve-2017-9805-3889403.html
- MISChttp://www.securityfocus.com/bid/99484
- EXPLOIThttps://www.exploit-db.com/exploits/42324/
- MISChttp://struts.apache.org/docs/s2-048.html
- MISChttp://www.securitytracker.com/id/1038838
- EXPLOIThttps://www.exploit-db.com/exploits/44643/
- MISChttps://security.netapp.com/advisory/ntap-20180706-0002/