CVE Watchtower


← Back to CVE List

CVE-2017-9805NVD

Vulnerability Summary

The REST Plugin in Apache Struts 2.1.1 through 2.3.x before 2.3.34 and 2.5.x before 2.5.13 uses an XStreamHandler with an instance of XStream for deserialization without any type filtering, which can lead to Remote Code Execution when deserializing XML payloads.
Severity Level
HIGH(8.1)
Published Date
Sep 15, 2017
Last Modified
Apr 21, 2026
Exploitation Status
ACTIVE
EPSS Score (30-Day)
94.32%Probability
Root Weakness (CWE)
Refer to the official MITRE database for detailed architectural specifications regarding this weakness.
CVSS v3.1 Base Metrics
Attack VectorNetwork
Attack ComplexityHigh
Privileges RequiredNone
User InteractionNone
ScopeUnchanged
ConfidentialityHigh
IntegrityHigh
AvailabilityHigh