Security News > 2017 > September > Easily exploitable Apache Struts vulnerability opens businesses to attack (Help Net Security)
2017-09-06 17:11
A critical vulnerability in Apache Struts, a popular open source framework for developing web applications, opens any server running an app built using it to remote attackers. It can be exploited easily, by sending a specially crafted web request to the application and, according to SANS ISC handler Adrien de Beaupre, a working exploit has already been spotted. About the vulnerability The flaw (CVE-2017-9805) was spotted during a static code analysis by researchers with software … More →
News URL
http://feedproxy.google.com/~r/HelpNetSecurity/~3/-UsDdHqfRcY/
Related news
- Security Vulnerability in Saflok’s RFID-Based Keycard Locks (source)
- Attack Surface Management vs. Vulnerability Management (source)
- Ivanti fixes VPN gateway vulnerability allowing RCE, DoS attacks (source)
- New HTTP/2 Vulnerability Exposes Web Servers to DoS Attacks (source)
- Security Vulnerability of HTML Emails (source)
- Critical 'BatBadBut' Rust Vulnerability Exposes Windows Systems to Attacks (source)
- Fortinet Rolls Out Critical Security Patches for FortiClientLinux Vulnerability (source)
- Apache Cordova App Harness Targeted in Dependency Confusion Attack (source)
Related Vulnerability
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2017-09-15 | CVE-2017-9805 | Deserialization of Untrusted Data vulnerability in Apache Struts The REST Plugin in Apache Struts 2.1.1 through 2.3.x before 2.3.34 and 2.5.x before 2.5.13 uses an XStreamHandler with an instance of XStream for deserialization without any type filtering, which can lead to Remote Code Execution when deserializing XML payloads. | 6.8 |