Exploit for Deserialization of Untrusted Data in Apache Struts
CVE-2017-9805 CVE-2017-9805 POC The issue comes fro...
A vulnerability in the JSON-lib library used in REST plugins of the Apache Struts software framework allows attackers to induce a service failure.
The vulnerability in the JSON-lib library used in the Apache Struts REST framework is related to insufficient validation of input data. Exploiting this vulnerability can allow an attacker to cause service failures remotely...
Denial Of Service (DoS)
The Apache Struts REST plugin is vulnerable to denial-of-service (DoS) attacks. The application uses a version of the XStream library before version 1.4.10, which can crash when attempting to unmarshal void. This is related to CVE-2017-7957...
CVE-2017-9793
The REST Plugin in Apache Struts 2.1.x, 2.3.7 through 2.3.33 and 2.5 through 2.5.12 uses an outdated XStream library that is vulnerable and allows an attacker to perform a DoS attack using a malicious request with a specially crafted XML payload...