Description

Possible Remote Code Execution attack when using the Struts REST plugin with XStream handler to handle XML payloads.

Remediation

Upgrade to Struts 2.5.13 or Struts 2.3.34.

References

Security Bulletin S2-052

Related Vulnerabilities

MySQL CVE-2022-21284 Vulnerability (CVE-2022-21284)

IBM WebSEAL Session Fixation Vulnerability (CVE-2018-1804)

Piwigo Improper Access Control Vulnerability (CVE-2016-10085)

Sqlite Unrestricted Upload of File with Dangerous Type Vulnerability (CVE-2019-19925)

Oracle JRE CVE-2013-1557 Vulnerability (CVE-2013-1557)

Severity

High

Classification

CVE-2017-9805 CWE-94 CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H

Tags

Code Execution Known Vulnerabilities Acumonitor