Apache Struts 2 REST Plugin XStreamHandler Insecure Deserialization
TSL ID: TSL20170905-03
CVE ID(s): CVE-2017-9805
Severity: Critical
Description

An insecure deserialization vulnerability has been discovered in the Apache Struts 2 REST Plugin. The vulnerability is due to the deserialization of untrusted data by XStreamHandler.

A remote attacker could exploit this vulnerability by sending a crafted request to the target server. Successful exploitation will allow an attacker to execute arbitrary code with the privileges of the server.

Apache has issued an advisory addressing this vulnerability:

https://struts.apache.org/docs/s2-052.html

Affected Products
  • Apache Software Foundation Struts 2.1.2 through 2.3.33
  • Apache Software Foundation Struts 2.5 through 2.5.12
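The version ranges above can be turned into an inventory check. The following is an added example, not part of the advisory or of Apache's code: it walks a deployment directory, finds Struts jars and flags those whose version falls inside the listed ranges. It assumes jars keep their Maven-style file names; the function names and the sample directory layout are constructed for illustration.

```python
import re
import tempfile
from pathlib import Path

# Affected ranges exactly as listed in the advisory (inclusive bounds).
AFFECTED_RANGES = [("2.1.2", "2.3.33"), ("2.5", "2.5.12")]
# Assumption: jars keep Maven-style names such as struts2-rest-plugin-2.3.33.jar.
JAR_RE = re.compile(r"^struts2-(core|rest-plugin)-(\d+(?:\.\d+)*)[^/]*\.jar$")
# Constructed sample layout: webapp name -> Struts version it bundles.
SAMPLE_APPS = {"shop": "2.3.33", "api": "2.5.13"}

def parse_version(text):
    """Turn '2.5.10.1' into (2, 5, 10, 1), zero-padded to four components."""
    parts = [int(p) for p in text.split(".")][:4]
    return tuple(parts + [0] * (4 - len(parts)))

def is_affected(version):
    v = parse_version(version)
    return any(parse_version(lo) <= v <= parse_version(hi) for lo, hi in AFFECTED_RANGES)

def scan(root):
    """Return (relative_path, component, version, status) for each Struts jar under root."""
    findings = []
    for jar in sorted(Path(root).rglob("struts2-*.jar")):
        m = JAR_RE.match(jar.name)
        if not m:
            continue
        component, version = m.groups()
        status = "not-in-range"
        if is_affected(version):
            # The flaw is in the REST plugin; an affected core alone means "check further".
            status = "rest-plugin-affected" if component == "rest-plugin" else "core-affected"
        findings.append((jar.relative_to(root).as_posix(), component, version, status))
    return findings

def demo():
    """Build the constructed sample tree with empty placeholder jars and scan it."""
    with tempfile.TemporaryDirectory() as tmp:
        for app, version in SAMPLE_APPS.items():
            lib = Path(tmp, app, "WEB-INF", "lib")
            lib.mkdir(parents=True)
            for component in ("core", "rest-plugin"):
                (lib / f"struts2-{component}-{version}.jar").touch()
        return scan(tmp)

if __name__ == "__main__":
    for finding in demo():
        print(*finding)
```

A `rest-plugin-affected` result is the one to prioritise, since it means the vulnerable component itself is deployed at an affected version.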
CVSS Score
Base 7.5 (AV:N/AC:L/Au:N/C:P/I:P/A:P):
  • Access vector is NETWORK
  • Access complexity is LOW
  • Level of authentication required is NONE
  • Impact of this vulnerability on data confidentiality is PARTIAL
  • Impact of this vulnerability on data integrity is PARTIAL
  • Impact of this vulnerability on data availability is PARTIAL
Temporal 6.2 (E:F/RL:OF/RC:C):
  • The exploitability level of this vulnerability is FUNCTIONAL
  • The remediation level of this vulnerability is OFFICIAL FIX
  • The report confidence level of this vulnerability is CONFIRMED
References
https://github.com/wvu-r7/metasploit-framework/blob/dae6edabd41e4ed18d2251ac3a70b501b53d24e4/modules/exploits/multi/http/struts2_rest_xstream.rb
https://lgtm.com/blog/apache_struts_CVE-2017-9805
https://struts.apache.org/docs/s2-052.html