Security News > 2017 > September > Easily exploitable Apache Struts vulnerability opens businesses to attack (Help Net Security)

Related Vulnerability

DATE CVE VULNERABILITY TITLE RISK
2017-09-15 CVE-2017-9805 Deserialization of Untrusted Data vulnerability in multiple products
The REST Plugin in Apache Struts 2.1.1 through 2.3.x before 2.3.34 and 2.5.x before 2.5.13 uses an XStreamHandler with an instance of XStream for deserialization without any type filtering, which can lead to Remote Code Execution when deserializing XML payloads.
network
high complexity
apache cisco netapp CWE-502
8.1

Related vendor

VENDOR LAST 12M #/PRODUCTS LOW MEDIUM HIGH CRITICAL TOTAL VULNS
Apache 305 59 859 659 313 1890