Lucene search

[email protected]NVD:CVE-2017-9793

HistorySep 20, 2017 - 5:29 p.m.

CVE-2017-9793

2017-09-2017:29:00

CWE-20

[email protected]

web.nvd.nist.gov

5 Medium

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:N/I:N/A:P

7.5 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

HIGH

CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

0.932 High

EPSS

Percentile

99.1%

JSON

The REST Plugin in Apache Struts 2.1.x, 2.3.7 through 2.3.33 and 2.5 through 2.5.12 is using an outdated XStream library which is vulnerable and allow perform a DoS attack using malicious request with specially crafted XML payload.

Affected configurations

NVD

Node

apachestrutsMatch2.3.7

apachestrutsMatch2.3.8

apachestrutsMatch2.3.9

apachestrutsMatch2.3.10

apachestrutsMatch2.3.11

apachestrutsMatch2.3.12

apachestrutsMatch2.3.13

apachestrutsMatch2.3.14

apachestrutsMatch2.3.14.1

apachestrutsMatch2.3.14.2

apachestrutsMatch2.3.14.3

apachestrutsMatch2.3.15

apachestrutsMatch2.3.15.1

apachestrutsMatch2.3.15.2

apachestrutsMatch2.3.15.3

apachestrutsMatch2.3.16

apachestrutsMatch2.3.16.1

apachestrutsMatch2.3.16.2

apachestrutsMatch2.3.16.3

apachestrutsMatch2.3.17

apachestrutsMatch2.3.19

apachestrutsMatch2.3.20

apachestrutsMatch2.3.20.1

apachestrutsMatch2.3.20.2

apachestrutsMatch2.3.21

apachestrutsMatch2.3.22

apachestrutsMatch2.3.23

apachestrutsMatch2.3.24.2

apachestrutsMatch2.3.24.3

apachestrutsMatch2.3.25

apachestrutsMatch2.3.26

apachestrutsMatch2.3.27

apachestrutsMatch2.3.28

apachestrutsMatch2.3.28.1

apachestrutsMatch2.3.29

apachestrutsMatch2.3.30

apachestrutsMatch2.3.31

apachestrutsMatch2.3.32

apachestrutsMatch2.3.33

apachestrutsMatch2.5

apachestrutsMatch2.5beta1

apachestrutsMatch2.5beta2

apachestrutsMatch2.5beta3

apachestrutsMatch2.5.1

apachestrutsMatch2.5.2

apachestrutsMatch2.5.3

apachestrutsMatch2.5.4

apachestrutsMatch2.5.5

apachestrutsMatch2.5.6

apachestrutsMatch2.5.7

apachestrutsMatch2.5.8

apachestrutsMatch2.5.9

apachestrutsMatch2.5.10

apachestrutsMatch2.5.10.1

apachestrutsMatch2.5.12

References

www.brocade.com/content/dam/common/documents/content-types/security-bulletin/brocade-security-advisory-2017-429.htm

www.oracle.com/technetwork/security-advisory/alert-cve-2017-9805-3889403.html

www.securityfocus.com/bid/100611

www.securitytracker.com/id/1039262

security.netapp.com/advisory/ntap-20180629-0001/

struts.apache.org/docs/s2-051.html

tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170907-struts2

5 Medium

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:N/I:N/A:P

7.5 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

HIGH

CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

0.932 High

EPSS

Percentile

99.1%

JSON

Related for NVD:CVE-2017-9793

github1 redhatcve1 cve1 checkpoint_advisories2 openvas2 ubuntucve1 prion1 cvelist1 osv2 veracode1 cisco1 ibm1 threatpost2 fortinet1 f51 nessus2 thn1