| Reporter | Title | Published | Views | Family All 25 |
|---|---|---|---|---|
| Security Bulletin: IBM OpenPages GRC Platform Web Applications are NOT vulnerable to (CVE-2017-9805 , CVE-2017-9804, CVE-2017-9793) | 15 Jun 201823:48 | – | ibm | |
| Security Bulletin: A vulnerability in Apache Struts 2 affects IBM Spectrum Conductor with Spark (CVE-2017-9787, CVE-2017-9804, and CVE-2017-12611) | 18 Jun 201801:38 | – | ibm | |
| BSA-2017-428 | 8 Sep 201700:00 | – | broadcom | |
| CVE-2017-9804 | 14 Sep 201710:03 | – | circl | |
| Multiple Vulnerabilities in Apache Struts 2 Affecting Cisco Products: September 2017 | 7 Sep 201721:00 | – | cisco | |
| Apache Struts Incomplete Fix for Denial of Service Vulnerability | 6 Sep 201700:00 | – | cnvd | |
| CVE-2017-9804 | 20 Sep 201717:00 | – | cve | |
| CVE-2017-9804 | 20 Sep 201717:00 | – | cvelist | |
| K12542008: Apache Struts vulnerabilities CVE-2017-9793 and CVE-2017-9804 | 21 Feb 202318:53 | – | f5 | |
| Apache Struts RCE Vulnerability | 29 Sep 201700:00 | – | fortinet |
| Source | Link |
|---|---|
| cwiki | www.cwiki.apache.org/confluence/display/WW/S2-050 |
| securityfocus | www.securityfocus.com/bid/100612 |
# SPDX-FileCopyrightText: 2017 Greenbone AG
# Some text descriptions might be excerpted from (a) referenced
# source(s), and are Copyright (C) by the respective right holder(s).
#
# SPDX-License-Identifier: GPL-2.0-only
if(description)
{
script_oid("1.3.6.1.4.1.25623.1.0.107239");
script_version("2025-01-17T05:37:18+0000");
script_cve_id("CVE-2017-9804");
script_tag(name:"last_modification", value:"2025-01-17 05:37:18 +0000 (Fri, 17 Jan 2025)");
script_tag(name:"creation_date", value:"2017-09-11 14:24:03 +0200 (Mon, 11 Sep 2017)");
script_tag(name:"cvss_base", value:"5.0");
script_tag(name:"cvss_base_vector", value:"AV:N/AC:L/Au:N/C:N/I:N/A:P");
script_tag(name:"severity_vector", value:"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H");
script_tag(name:"severity_origin", value:"NVD");
script_tag(name:"severity_date", value:"2019-10-03 00:03:00 +0000 (Thu, 03 Oct 2019)");
script_name("Apache Struts DoS Vulnerability (S2-050) - Linux");
script_category(ACT_GATHER_INFO);
script_copyright("Copyright (C) 2017 Greenbone AG");
script_family("Denial of Service");
script_xref(name:"URL", value:"http://www.securityfocus.com/bid/100612");
script_xref(name:"URL", value:"https://cwiki.apache.org/confluence/display/WW/S2-050");
script_tag(name:"summary", value:"Apache Struts is prone to a regular expression Denial
of Service (DoS) vulnerability when using URLValidator.
This VT has been deprecated and merged into the VT 'Apache Struts DoS Vulnerability (S2-050)'
(OID: 1.3.6.1.4.1.25623.1.0.107240).");
script_tag(name:"insight", value:"The previous fix issued with S2-047 was incomplete.
If an application allows enter an URL in a form field and built-in URLValidator is used,
it is possible to prepare a special URL which will be used to overload server process
when performing validation of the URL.");
script_tag(name:"vuldetect", value:"Checks if a vulnerable version is present on the
target host.");
script_tag(name:"impact", value:"An attacker can exploit this issue to cause a DoS
condition, denying service to legitimate users.");
script_tag(name:"affected", value:"Apache Struts 2.3.7 through 2.3.33 and 2.5 through
2.5.12.");
script_tag(name:"solution", value:"Update to version 2.3.34, 2.5.13 or later.");
script_tag(name:"solution_type", value:"VendorFix");
script_tag(name:"qod_type", value:"remote_banner_unreliable");
script_tag(name:"deprecated", value:TRUE);
exit(0);
}
exit(66);
Data
Build on a solid foundation with Vulners data
We provide the essential building blocks for cybersecurity solutions with comprehensive, structured, and constantly updated vulnerability and exploits data
Api
Power your application with Vulners API
The Vulners REST API offers reliable, high-performance access to vulnerability intelligence, with 99.9% SLA uptime and CDN-backed data delivery for seamless global access
App
Assess and manage vulnerabilities with Vulners tools
Built on top of Vulners' database and SDK, end-user solutions give security professionals and developers lightweight and powerful tools for vulnerability remediation