CVE-2017-9805
Apache Struts Deserialization of Untrusted Data Vulnerability
CVSS
—
Sin CVSS
EPSS
99.5%
p100
KEV
SÍ
3 nov 2021
Exploit Today
80
0-100
Publicado: — · Última mod.: —
99.5%EPSS · 30 días99.5%
2026-06-302026-07-16
Producto
Apache / Struts
Vulnerabilidad
Apache Struts Deserialization of Untrusted Data Vulnerability
Añadido a KEV
3 nov 2021
Remediar antes de
3 may 2022
Uso conocido en ransomware
No
Descripción resumida
Apache Struts REST Plugin uses an XStreamHandler with an instance of XStream for deserialization without any type filtering, which can lead to remote code execution when deserializing XML payloads.
Acción requerida
Apply updates per vendor instructions.
Notas
https://nvd.nist.gov/vuln/detail/CVE-2017-9805
CVECVSSEPSSKEVRExplotTítuloVis.
CVE-2017-5638—100.0%
KEV—80Apache Struts Remote Code Execution Vulnerability—CVE-2018-11776—100.0%
KEV—80Apache Struts Remote Code Execution Vulnerability—CVE-2013-2251—100.0%
KEV—80Apache Struts Improper Input Validation Vulnerability—CVE-2020-17530—99.9%
KEV—80Apache Struts Remote Code Execution Vulnerability—