Security News > 2017 > September > Easily exploitable Apache Struts vulnerability opens businesses to attack (Help Net Security)
2017-09-06 17:11
A critical vulnerability in Apache Struts, a popular open source framework for developing web applications, opens any server running an app built using it to remote attackers. It can be exploited easily, by sending a specially crafted web request to the application and, according to SANS ISC handler Adrien de Beaupre, a working exploit has already been spotted. About the vulnerability The flaw (CVE-2017-9805) was spotted during a static code analysis by researchers with software … More →
News URL
http://feedproxy.google.com/~r/HelpNetSecurity/~3/-UsDdHqfRcY/
Related news
- Hackers Exploit Paragon Partition Manager Driver Vulnerability in Ransomware Attacks (source)
- Critical PHP RCE vulnerability mass exploited in new attacks (source)
- Apple Releases Patch for WebKit Zero-Day Vulnerability Exploited in Targeted Attacks (source)
- Critical RCE flaw in Apache Tomcat actively exploited in attacks (source)
- Apache Tomcat Vulnerability Actively Exploited Just 30 Hours After Public Disclosure (source)
- Stealthy Apache Tomcat Critical Exploit Bypasses Security Filters: Are You at Risk? (source)
- AI-Powered SaaS Security: Keeping Pace with an Expanding Attack Surface (source)
- CISA Warns of CentreStack's Hard-Coded MachineKey Vulnerability Enabling RCE Attacks (source)
- New TCESB Malware Found in Active Attacks Exploiting ESET Security Scanner (source)
- Critical Apache Roller Vulnerability (CVSS 10.0) Enables Unauthorized Session Persistence (source)
Related Vulnerability
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2017-09-15 | CVE-2017-9805 | Deserialization of Untrusted Data vulnerability in multiple products The REST Plugin in Apache Struts 2.1.1 through 2.3.x before 2.3.34 and 2.5.x before 2.5.13 uses an XStreamHandler with an instance of XStream for deserialization without any type filtering, which can lead to Remote Code Execution when deserializing XML payloads. | 8.1 |