Remote Code Execution (RCE)

🗓️ 08 Sep 2017 06:31:48Reported by Veracode Vulnerability DatabaseType

struts2-core vulnerability to remote code executio

Reporter	Title	Published	Views	Family All 162
GithubExploit	Exploit for Deserialization of Untrusted Data in Apache Struts	3 Oct 202200:15	–	githubexploit
GithubExploit	Exploit for Deserialization of Untrusted Data in Apache Struts	6 Sep 201708:32	–	githubexploit
GithubExploit	Exploit for Deserialization of Untrusted Data in Apache Struts	4 Dec 201718:23	–	githubexploit
GithubExploit	Exploit for Deserialization of Untrusted Data in Apache Struts	28 Feb 202611:29	–	githubexploit
GithubExploit	Exploit for Improper Input Validation in Apache Struts	8 Sep 201702:50	–	githubexploit
GithubExploit	Exploit for Deserialization of Untrusted Data in Apache Struts	9 Sep 201701:32	–	githubexploit
GithubExploit	Exploit for Deserialization of Untrusted Data in Apache Struts	16 Mar 202608:01	–	githubexploit
GithubExploit	Exploit for Deserialization of Untrusted Data in Apache Struts	10 Sep 201705:26	–	githubexploit
GithubExploit	Exploit for Deserialization of Untrusted Data in Apache Struts	4 Jan 202618:57	–	githubexploit
GithubExploit	Exploit for Deserialization of Untrusted Data in Apache Struts	7 Sep 201708:49	–	githubexploit

Vulners

Node

apache struts2-coreRange2.5-BETA1–2.5.10.1java

apache struts2-coreRange2.0.5–2.3.33java

apache struts2-coreRange2.0.1–2.0.4java

Source	Link
struts	www.struts.apache.org/docs/s2-053.html
securityfocus	www.securityfocus.com/bid/100829
kb	www.kb.netapp.com/support/s/article/ka51A000000CgttQAC/NTAP-20170911-0001
arubanetworks	www.arubanetworks.com/assets/alert/ARUBA-PSA-2017-003.txt
oracle	www.oracle.com/technetwork/security-advisory/alert-cve-2017-9805-3889403.html
jd	www.jd.com/
cwiki	www.cwiki.apache.org/confluence/display/WW/Version+Notes+2.3.34
cwiki	www.cwiki.apache.org/confluence/display/WW/Version+Notes+2.5.12

12 Sep 2023 21:15Current

9.6High risk

Vulners AI Score9.6

CVSS 27.5

CVSS 39.8

EPSS0.94322