Security News > 2017 > September > Easily exploitable Apache Struts vulnerability opens businesses to attack (Help Net Security)
2017-09-06 17:11
A critical vulnerability in Apache Struts, a popular open source framework for developing web applications, opens any server running an app built using it to remote attackers. It can be exploited easily, by sending a specially crafted web request to the application and, according to SANS ISC handler Adrien de Beaupre, a working exploit has already been spotted. About the vulnerability The flaw (CVE-2017-9805) was spotted during a static code analysis by researchers with software … More →
News URL
http://feedproxy.google.com/~r/HelpNetSecurity/~3/-UsDdHqfRcY/
Related news
- Cross-Domain Attacks: A Growing Threat to Modern Security and How to Combat Them (source)
- Mirai Botnet Variant Exploits Four-Faith Router Vulnerability for DDoS Attacks (source)
- Patch Tuesday: January 2025 Security Update Patches Exploited Elevation of Privilege Attacks (source)
- Balancing usability and security in the fight against identity-based attacks (source)
- Security pros more confident about fending off ransomware, despite being battered by attacks (source)
- Zyxel CPE devices under attack via critical vulnerability without a patch (CVE-2024-40891) (source)
- CISA tags Microsoft .NET and Apache OFBiz bugs as exploited in attacks (source)
- PostgreSQL Vulnerability Exploited Alongside BeyondTrust Zero-Day in Targeted Attacks (source)
- Citrix Releases Security Fix for NetScaler Console Privilege Escalation Vulnerability (source)
- CISA Flags Craft CMS Vulnerability CVE-2025-23209 Amid Active Attacks (source)
Related Vulnerability
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2017-09-15 | CVE-2017-9805 | Deserialization of Untrusted Data vulnerability in multiple products The REST Plugin in Apache Struts 2.1.1 through 2.3.x before 2.3.34 and 2.5.x before 2.5.13 uses an XStreamHandler with an instance of XStream for deserialization without any type filtering, which can lead to Remote Code Execution when deserializing XML payloads. | 8.1 |