Warflop - Security Researcher - Exploit Intelligence Platform

CVE-2017-9805 GITHUB HIGH perl WORKING POC

Apache Struts 2 REST Plugin XStream RCE

The REST Plugin in Apache Struts 2.1.1 through 2.3.x before 2.3.34 and 2.5.x before 2.5.13 uses an XStreamHandler with an instance of XStream for deserialization without any type filtering, which can lead to Remote Code Execution when deserializing XML payloads.

1 stars

CVSS 8.1

View Code

CVE-2017-9805 NOMISEC HIGH WORKING POC

Apache Struts 2 REST Plugin XStream RCE

The REST Plugin in Apache Struts 2.1.1 through 2.3.x before 2.3.34 and 2.5.x before 2.5.13 uses an XStreamHandler with an instance of XStream for deserialization without any type filtering, which can lead to Remote Code Execution when deserializing XML payloads.

1 stars

CVSS 8.1

View Code

CVE-2017-9805 GITHUB HIGH perl WORKING POC

Apache Struts 2 REST Plugin XStream RCE

The REST Plugin in Apache Struts 2.1.1 through 2.3.x before 2.3.34 and 2.5.x before 2.5.13 uses an XStreamHandler with an instance of XStream for deserialization without any type filtering, which can lead to Remote Code Execution when deserializing XML payloads.

CVSS 8.1

View Code

CVE-2017-9805 NOMISEC HIGH WORKING POC

Apache Struts 2 REST Plugin XStream RCE

The REST Plugin in Apache Struts 2.1.1 through 2.3.x before 2.3.34 and 2.5.x before 2.5.13 uses an XStreamHandler with an instance of XStream for deserialization without any type filtering, which can lead to Remote Code Execution when deserializing XML payloads.

CVSS 8.1

View Code

CVE-2017-9805 EXPLOITDB HIGH python WORKING POC

Apache Struts 2 REST Plugin XStream RCE

The REST Plugin in Apache Struts 2.1.1 through 2.3.x before 2.3.34 and 2.5.x before 2.5.13 uses an XStreamHandler with an instance of XStream for deserialization without any type filtering, which can lead to Remote Code Execution when deserializing XML payloads.

CVSS 8.1

View Code