Lucene search

K
saintSAINT CorporationSAINT:5B8CEB9A64574FBC9B91366BB8FFC719
HistorySep 08, 2017 - 12:00 a.m.

Apache Struts REST plugin XStream deserialization vulnerability

2017-09-0800:00:00
SAINT Corporation
download.saintcorporation.com
65

CVSS2

6.8

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:M/Au:N/C:P/I:P/A:P

CVSS3

8.1

Attack Vector

NETWORK

Attack Complexity

HIGH

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H

EPSS

0.975

Percentile

100.0%

Added: 09/08/2017
CVE: CVE-2017-9805
BID: 100609

Background

Apache Struts is an open-source web application framework for developing Java EE web applications. It uses and extends the Java Servlet API to encourage developers to adopt a model-view-controller (MVC) architecture.

Problem

The REST plugin in Apache Struts uses **XStreamHandler** with an instance of XStream for deserialization without any type filtering, allowing a remote, unauthenticated attacker to execute arbitrary commands.

Resolution

Upgrade to Apache Struts 2.3.34 or 2.5.13 or higher.

References

<https://struts.apache.org/docs/s2-052.html&gt;
<http://blog.talosintelligence.com/2017/09/apache-struts-being-exploited.html&gt;

Limitations

Exploit works on Struts 2.5.10 running on Linux.

Platforms

Windows
Linux
Linux x64

CVSS2

6.8

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:M/Au:N/C:P/I:P/A:P

CVSS3

8.1

Attack Vector

NETWORK

Attack Complexity

HIGH

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H

EPSS

0.975

Percentile

100.0%