Description

Possible Remote Code Execution attack when using the Struts REST plugin with XStream handler to handle XML payloads.

Remediation

Upgrade to Struts 2.5.13 or Struts 2.3.34.

References

Security Bulletin S2-052

Related Vulnerabilities

WordPress Plugin WooCommerce Possible Remote Code Execution (3.4.5)

Horde remote code execution

WordPress Plugin Similar Posts-Best Related Posts for WordPress Remote Code Execution (3.1.5)

phpThumb() fltr[] parameter command injection vulnerability

WordPress Plugin Social Media Tab Remote Code Execution (1.0.9)

Severity

High

Classification

CVE-2017-9805 CWE-94 CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H

Tags

Code Execution Known Vulnerabilities Acumonitor