CVE-2017-9804

🗓️ 20 Sep 2017 17:00:00Reported by apacheType

Apache Struts 2 - URLValidator vulnerabilit

Reporter	Title	Published	Views	Family All 25
IBM Security Bulletins	Security Bulletin: IBM OpenPages GRC Platform Web Applications are NOT vulnerable to (CVE-2017-9805 , CVE-2017-9804, CVE-2017-9793)	15 Jun 201823:48	–	ibm
IBM Security Bulletins	Security Bulletin: A vulnerability in Apache Struts 2 affects IBM Spectrum Conductor with Spark (CVE-2017-9787, CVE-2017-9804, and CVE-2017-12611)	18 Jun 201801:38	–	ibm
Broadcom	BSA-2017-428	8 Sep 201700:00	–	broadcom
Circl	CVE-2017-9804	14 Sep 201710:03	–	circl
Cisco	Multiple Vulnerabilities in Apache Struts 2 Affecting Cisco Products: September 2017	7 Sep 201721:00	–	cisco
CNVD	Apache Struts Incomplete Fix for Denial of Service Vulnerability	6 Sep 201700:00	–	cnvd
Cvelist	CVE-2017-9804	20 Sep 201717:00	–	cvelist
F5 Networks	K12542008: Apache Struts vulnerabilities CVE-2017-9793 and CVE-2017-9804	21 Feb 202318:53	–	f5
Fortinet	Apache Struts RCE Vulnerability	29 Sep 201700:00	–	fortinet
Github Security Blog	Apache Struts allows entering a custom URL in a form field if built-in URLValidator is used	16 Oct 201819:37	–	github

NVD

Vulners

Node

apache strutsMatch2.3.7

apache strutsMatch2.3.8

apache strutsMatch2.3.9

apache strutsMatch2.3.10

apache strutsMatch2.3.11

apache strutsMatch2.3.12

apache strutsMatch2.3.13

apache strutsMatch2.3.14

apache strutsMatch2.3.14.1

apache strutsMatch2.3.14.2

apache strutsMatch2.3.14.3

apache strutsMatch2.3.15

apache strutsMatch2.3.15.1

apache strutsMatch2.3.15.2

apache strutsMatch2.3.15.3

apache strutsMatch2.3.16

apache strutsMatch2.3.16.1

apache strutsMatch2.3.16.2

apache strutsMatch2.3.16.3

apache strutsMatch2.3.17

apache strutsMatch2.3.19

apache strutsMatch2.3.20

apache strutsMatch2.3.20.1

apache strutsMatch2.3.20.2

apache strutsMatch2.3.21

apache strutsMatch2.3.22

apache strutsMatch2.3.23

apache strutsMatch2.3.24.2

apache strutsMatch2.3.24.3

apache strutsMatch2.3.25

apache strutsMatch2.3.26

apache strutsMatch2.3.27

apache strutsMatch2.3.28

apache strutsMatch2.3.28.1

apache strutsMatch2.3.29

apache strutsMatch2.3.30

apache strutsMatch2.3.31

apache strutsMatch2.3.32

apache strutsMatch2.3.33

apache strutsMatch2.5

apache strutsMatch2.5beta1

apache strutsMatch2.5beta2

apache strutsMatch2.5beta3

apache strutsMatch2.5.1

apache strutsMatch2.5.2

apache strutsMatch2.5.3

apache strutsMatch2.5.4

apache strutsMatch2.5.5

apache strutsMatch2.5.6

apache strutsMatch2.5.7

apache strutsMatch2.5.8

apache strutsMatch2.5.9

apache strutsMatch2.5.10

apache strutsMatch2.5.10.1

apache strutsMatch2.5.12

[
  {
    "product": "Apache Struts",
    "vendor": "Apache Software Foundation",
    "versions": [
      {
        "status": "affected",
        "version": "2.3.7 - 2.3.33"
      },
      {
        "status": "affected",
        "version": "2.5 - 2.5.12"
      }
    ]
  }
]

Source	Link
security	www.security.netapp.com/advisory/ntap-20180629-0001/
securitytracker	www.securitytracker.com/id/1039261
arubanetworks	www.arubanetworks.com/assets/alert/ARUBA-PSA-2017-003.txt
struts	www.struts.apache.org/docs/s2-050.html
securityfocus	www.securityfocus.com/bid/100612
tools	www.tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170907-struts2
oracle	www.oracle.com/technetwork/security-advisory/alert-cve-2017-9805-3889403.html

13 May 2026 00:24Current

6.4Medium risk

Vulners AI Score6.4

CVSS 25

CVSS 37.5

EPSS0.04618

CWE-20