CVE-2017-9805

{"cve": {"data_type": "CVE", "references": {"reference_data": [{"url": "http://www.oracle.com/technetwork/security-advisory/alert-cve-2017-9805-3889403.html", "name": "http://www.oracle.com/technetwork/security-advisory/alert-cve-2017-9805-3889403.html", "tags": ["Patch", "Third Party Advisory"], "refsource": ""}, {"url": "http://www.oracle.com/technetwork/security-advisory/alert-cve-2017-9805-3889403.html", "name": "http://www.oracle.com/technetwork/security-advisory/alert-cve-2017-9805-3889403.html", "tags": ["Patch", "Third Party Advisory"], "refsource": ""}, {"url": "http://www.securityfocus.com/bid/100609", "name": "100609", "tags": ["Broken Link", "Third Party Advisory", "VDB Entry"], "refsource": ""}, {"url": "http://www.securityfocus.com/bid/100609", "name": "100609", "tags": ["Broken Link", "Third Party Advisory", "VDB Entry"], "refsource": ""}, {"url": "http://www.securitytracker.com/id/1039263", "name": "1039263", "tags": ["Broken Link", "Third Party Advisory", "VDB Entry"], "refsource": ""}, {"url": "http://www.securitytracker.com/id/1039263", "name": "1039263", "tags": ["Broken Link", "Third Party Advisory", "VDB Entry"], "refsource": ""}, {"url": "https://blogs.apache.org/foundation/entry/apache-struts-statement-on-equifax", "name": "https://blogs.apache.org/foundation/entry/apache-struts-statement-on-equifax", "tags": ["Vendor Advisory"], "refsource": ""}, {"url": "https://blogs.apache.org/foundation/entry/apache-struts-statement-on-equifax", "name": "https://blogs.apache.org/foundation/entry/apache-struts-statement-on-equifax", "tags": ["Vendor Advisory"], "refsource": ""}, {"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1488482", "name": "https://bugzilla.redhat.com/show_bug.cgi?id=1488482", "tags": ["Issue Tracking", "Third Party Advisory", "VDB Entry"], "refsource": ""}, {"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1488482", "name": "https://bugzilla.redhat.com/show_bug.cgi?id=1488482", "tags": ["Issue Tracking", "Third Party Advisory", "VDB Entry"], "refsource": ""}, {"url": "https://cwiki.apache.org/confluence/display/WW/S2-052", "name": "https://cwiki.apache.org/confluence/display/WW/S2-052", "tags": ["Mitigation", "Vendor Advisory"], "refsource": ""}, {"url": "https://cwiki.apache.org/confluence/display/WW/S2-052", "name": "https://cwiki.apache.org/confluence/display/WW/S2-052", "tags": ["Mitigation", "Vendor Advisory"], "refsource": ""}, {"url": "https://lgtm.com/blog/apache_struts_CVE-2017-9805", "name": "https://lgtm.com/blog/apache_struts_CVE-2017-9805", "tags": ["Broken Link"], "refsource": ""}, {"url": "https://lgtm.com/blog/apache_struts_CVE-2017-9805", "name": "https://lgtm.com/blog/apache_struts_CVE-2017-9805", "tags": ["Broken Link"], "refsource": ""}, {"url": "https://security.netapp.com/advisory/ntap-20170907-0001/", "name": "https://security.netapp.com/advisory/ntap-20170907-0001/", "tags": ["Third Party Advisory"], "refsource": ""}, {"url": "https://security.netapp.com/advisory/ntap-20170907-0001/", "name": "https://security.netapp.com/advisory/ntap-20170907-0001/", "tags": ["Third Party Advisory"], "refsource": ""}, {"url": "https://struts.apache.org/docs/s2-052.html", "name": "https://struts.apache.org/docs/s2-052.html", "tags": ["Mitigation", "Vendor Advisory"], "refsource": ""}, {"url": "https://struts.apache.org/docs/s2-052.html", "name": "https://struts.apache.org/docs/s2-052.html", "tags": ["Mitigation", "Vendor Advisory"], "refsource": ""}, {"url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170907-struts2", "name": "20170907 Multiple Vulnerabilities in Apache Struts 2 Affecting Cisco Products: September 2017", "tags": ["Third Party Advisory"], "refsource": ""}, {"url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170907-struts2", "name": "20170907 Multiple Vulnerabilities in Apache Struts 2 Affecting Cisco Products: September 2017", "tags": ["Third Party Advisory"], "refsource": ""}, {"url": "https://www.exploit-db.com/exploits/42627/", "name": "42627", "tags": ["Exploit", "Third Party Advisory", "VDB Entry"], "refsource": ""}, {"url": "https://www.exploit-db.com/exploits/42627/", "name": "42627", "tags": ["Exploit", "Third Party Advisory", "VDB Entry"], "refsource": ""}, {"url": "https://www.kb.cert.org/vuls/id/112992", "name": "VU#112992", "tags": ["Third Party Advisory", "US Government Resource"], "refsource": ""}, {"url": "https://www.kb.cert.org/vuls/id/112992", "name": "VU#112992", "tags": ["Third Party Advisory", "US Government Resource"], "refsource": ""}]}, "data_format": "MITRE", "description": {"description_data": [{"lang": "en", "value": "The REST Plugin in Apache Struts 2.1.1 through 2.3.x before 2.3.34 and 2.5.x before 2.5.13 uses an XStreamHandler with an instance of XStream for deserialization without any type filtering, which can lead to Remote Code Execution when deserializing XML payloads."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "en", "value": "CWE-502"}]}]}, "data_version": "4.0", "CVE_data_meta": {"ID": "CVE-2017-9805", "ASSIGNER": "security@apache.org"}}, "impact": {"baseMetricV2": {"cvssV2": {"version": "2.0", "baseScore": 6.8, "accessVector": "NETWORK", "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "authentication": "NONE", "integrityImpact": "PARTIAL", "accessComplexity": "MEDIUM", "availabilityImpact": "PARTIAL", "confidentialityImpact": "PARTIAL"}, "severity": "MEDIUM", "impactScore": 6.4, "obtainAllPrivilege": false, "exploitabilityScore": 8.6, "obtainUserPrivilege": false, "obtainOtherPrivilege": false, "userInteractionRequired": false}, "baseMetricV3": {"cvssV3": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 8.1, "attackVector": "NETWORK", "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H", "integrityImpact": "HIGH", "userInteraction": "NONE", "attackComplexity": "HIGH", "availabilityImpact": "HIGH", "privilegesRequired": "NONE", "confidentialityImpact": "HIGH"}, "impactScore": 5.9, "exploitabilityScore": 2.2}}, "publishedDate": "2017-09-15T19:29Z", "configurations": {"nodes": [{"children": [], "operator": "OR", "cpe_match": [{"cpe23Uri": "cpe:2.3:a:apache:struts:*:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true, "versionEndExcluding": "2.3.34", "versionStartIncluding": "2.1.2"}, {"cpe23Uri": "cpe:2.3:a:apache:struts:*:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true, "versionEndExcluding": "2.5.13", "versionStartIncluding": "2.5.0"}]}, {"children": [], "operator": "OR", "cpe_match": [{"cpe23Uri": "cpe:2.3:a:cisco:digital_media_manager:-:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:cisco:hosted_collaboration_solution:11.5\\(1\\):*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:cisco:network_performance_analysis:-:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:cisco:video_distribution_suite_for_internet_streaming:-:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:cisco:media_experience_engine:3.5.2:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:cisco:media_experience_engine:3.5:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:cisco:hosted_collaboration_solution:11.6\\(1\\):*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:cisco:hosted_collaboration_solution:11.0\\(1\\):*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:cisco:hosted_collaboration_solution:10.5\\(1\\):*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}]}, {"children": [], "operator": "OR", "cpe_match": [{"cpe23Uri": "cpe:2.3:a:netapp:oncommand_balance:-:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}]}], "CVE_data_version": "4.0"}, "lastModifiedDate": "2025-03-06T19:48Z"}