4 matches found
org.apache.struts:struts2-assembly (>=2.0.11 <=2.3.37), org.apache.struts:struts2-showcase (>=2.0.5 <=2.3.37) +1 more potentially affected by CVE-2017-9791 +1 more via org.apache.struts:struts2-struts1-plugin (>=2.0.11 <=2.3.37)
org.apache.struts:struts2-struts1-plugin MAVEN version =2.0.11, =2.0.11, =2.0.5, =1.0, =1.1 Source cves: CVE-2017-9791, CVE-2017-9805 Source advisory: OSV:GHSA-29RM-6752-GVWV...
Apache Struts2 Struts1_Plugin Remote Code Execution (CVE-2017-9791)
A remote code execution vulnerability exists in Apache Struts2 when the Struts1 plugin is used. An attacker can leverage this vulnerability by sending a crafted HTTP request to a target system. Successful exploitation could result in execution of arbitrary code on the affected system...
Remote Code Execution (RCE)
struts2-struts1-plugin is vulnerable to remote code execution (RCE) attacks. These attacks are possible because user input is not sanitized and is passed directly through messages.add to be used as part of an error message in the ActionMessage class. This doesn't affect users of the Struts...
Reproducing the Struts1 classLoader manipulation vulnerability - vulnerability warning - the black bar safety net
Note: this article is limited to technical research, exploration and testing use. The Struts classLoader manipulation vulnerability that broke on April 29, 2014 may span all versions of Struts1 and Struts2. The impact and the severity of the problem are almost like Heartbleed...