CVE-2017-9805 - Apache Struts Deserialization of Untrusted Data Vulnerability
Project:Apache
Product:Struts
Date Added:2021-11-03Due Date:2022-05-03
Vulnerability Name
Apache Struts Deserialization of Untrusted Data Vulnerability
Description
Apache Struts REST Plugin uses an XStreamHandler with an instance of XStream for deserialization without any type filtering, which can lead to remote code execution when deserializing XML payloads.
Known To Be Used in Ransomware Campaigns?
Unknown
Action
Apply updates per vendor instructions.
Additional Notes
https://nvd.nist.gov/vuln/detail/CVE-2017-9805
Related News Articles
China-Linked Hackers Exploit SAP and SQL Server Flaws in Attacks Across Asia and BrazilMay 30, 2025