Lucene search
GitHub Advisory DatabaseGHSA-29RM-6752-GVWVHistoryMay 13, 2022 - 1:26 a.m.
Code execution in Apache Struts 1 plugin
2022-05-1301:26:13
CWE-20
GitHub Advisory Database
github.com
20
0.974 High
EPSS
Percentile
99.9%
The Struts 1 plugin used with Apache Struts 2.1.x and 2.3.x might allow remote code execution via a malicious field value passed in a raw message to the ActionMessage.
| CPE | Name | Operator | Version |
|---|---|---|---|
| org.apache.struts:struts2-struts1-plugin | le | 2.3.37 |
References
struts.apache.org/docs/s2-048.html
github.com/advisories/GHSA-29rm-6752-gvwv
github.com/apache/struts/commit/ffe0e20edd9d5386f4410fddd970286a69373243
nvd.nist.gov/vuln/detail/CVE-2017-9791
security.netapp.com/advisory/ntap-20180706-0002/
www.exploit-db.com/exploits/42324/
www.exploit-db.com/exploits/44643/
Related
saint
saint
Apache Struts 2 Struts 1 plugin Showcase OGNL code execution
2018-06-06 00:00:00
Apache Struts 2 Struts 1 plugin Showcase OGNL code execution
2018-06-06 00:00:00
Apache Struts 2 Struts 1 plugin Showcase OGNL code execution
2018-06-06 00:00:00
dsquare
dsquare
Apache Struts 2 Struts 1 Plugin ActionMessage < 2.3.32 RCE
2017-10-20 00:00:00
openvas
openvas
Apache Struts RCE Vulnerability (S2-048) - Active Check
2017-07-10 00:00:00
Apache Struts RCE Vulnerability (S2-048) - Version Check
2021-09-16 00:00:00
zdt
zdt
Apache Struts 2 - Struts 1 Plugin Showcase OGNL Code Execution Exploit
2018-05-18 00:00:00
Apache Struts 2.3.x Showcase - Remote Code Execution (PoC) Exploit
2017-07-14 00:00:00
myhack58
myhack58
f5
f5
K23289753 : Apache Struts vulnerability CVE-2017-9791
2017-07-18 00:00:00
cve
cve
CVE-2017-9791
2017-07-10 16:29:00
packetstorm
packetstorm
Apache Struts 2.3.x Showcase Remote Code Execution
2017-07-14 00:00:00
Apache Struts 2 Struts 1 Plugin Showcase OGNL Code Execution
2018-05-16 00:00:00
ibm
ibm
nessus
nessus
Apache Struts 2.3.x Showcase App Struts 1 Plugin ActionMessage Class Error Message Input Handling RCE (S2-048)
2017-07-11 00:00:00
Apache Struts 2.3.x Struts 1 plugin RCE (remote)
2017-09-01 00:00:00
Oracle WebLogic Server Multiple Vulnerabilities
2017-10-04 00:00:00
osv
osv
Code execution in Apache Struts 1 plugin
2022-05-13 01:26:13
CVE-2017-9791
2017-07-10 16:29:00
prion
prion
Remote code execution
2017-07-10 16:29:00
exploitpack
exploitpack
Apache Struts 2.3.x Showcase - Remote Code Execution
2017-07-07 00:00:00
cvelist
cvelist
CVE-2017-9791
2017-07-07 00:00:00
checkpoint_advisories
checkpoint_advisories
Apache Struts2 Struts1_Plugin Remote Code Execution (CVE-2017-9791)
2017-07-09 00:00:00
veracode
veracode
Remote Code Execution (RCE)
2017-07-07 21:38:00
cisa_kev
cisa_kev
Apache Struts 1 Improper Input Validation Vulnerability
2022-02-10 00:00:00
redhatcve
redhatcve
CVE-2017-9791
2017-07-10 19:19:45
ubuntucve
ubuntucve
CVE-2017-9791
2017-07-10 00:00:00
exploitdb
exploitdb
Apache Struts 2.3.x Showcase - Remote Code Execution
2017-07-07 00:00:00
nuclei
nuclei
Apache Struts2 S2-053 - Remote Code Execution
2021-02-21 15:39:29
pentestit
pentestit
S2-052: Apache Struts2 REST Plugin Payloads (CVE-2017-9805)
2017-09-07 05:33:35
impervablog
impervablog
CVE-2017-9791: Analysis of RCE in the Struts Showcase App in Struts 1 Plugin
2017-07-13 19:12:31
CVE-2017-9805: Analysis of Apache Struts RCE Vulnerability in REST Plugin
2017-09-08 16:10:08
Impervaβs Top 10 Blogs of 2017
2017-12-18 17:43:16
attackerkb
attackerkb
CVE-2017-9791
2017-07-10 00:00:00
threatpost
threatpost
Apache Security Advisories Red Flag Wrong Versions in Patching Gaffe
2019-08-15 18:41:37
Self-Propagating Lucifer Malware Targets Windows Systems
2020-06-24 21:20:16
Oracle Patches Apache Struts, Reminds Users to Update Equifax Bug
2017-09-26 14:28:26
cisa
cisa
CISA Adds 15 Known Exploited Vulnerabilities to Catalog
2022-02-10 00:00:00
kitploit
kitploit
Vulmap - Web Vulnerability Scanning And Verification Tools
2020-12-25 11:30:00
qualysblog
qualysblog
Managing CISA Known Exploited Vulnerabilities with Qualys VMDR
2022-02-23 05:39:00