2017-09-15 21:29:00 2019-08-12 23:15:15

The REST Plugin in Apache Struts 2.1.1 through 2.3.x before 2.3.34 and 2.5.x before 2.5.13 uses an XStreamHandler with an instance of XStream for deserialization without any type filtering, which can lead to Remote Code Execution when deserializing XML payloads.

Vector: NETWORK
Complexity: MEDIUM
Authentication: NONE
Confidentiality: PARTIAL
Integrity: PARTIAL
Availability: PARTIAL

Apache Struts 2.5.11 (not an official CPE)
Apache Struts 2.5.10.1 (not an official CPE)
Apache Struts 2.5.10 (not an official CPE)
Apache Struts 2.5.9 (not an official CPE)
Apache Struts 2.5.8 (not an official CPE)
Apache Struts 2.5.7 (not an official CPE)
Apache Struts 2.5.6 (not an official CPE)
Apache Struts 2.5.5 (not an official CPE)
Apache Struts 2.5.4 (not an official CPE)
Apache Struts 2.5.3 (not an official CPE)
Apache Struts 2.5.2 (not an official CPE)
Apache Struts 2.5.1 (not an official CPE)
Apache Struts 2.3.33 (not an official CPE)
Apache Struts 2.3.32 (not an official CPE)
Apache Struts 2.3.31 (not an official CPE)
Apache Struts 2.3.30 (not an official CPE)
Apache Struts 2.3.29 (not an official CPE)
Apache Struts 2.3.28.1 (not an official CPE)
Apache Struts 2.3.28 (not an official CPE)
Apache Struts 2.3.24.3 (not an official CPE)
Apache Struts 2.3.24.1 (not an official CPE)
Apache Struts 2.3.24 (not an official CPE)
Apache Struts 2.3.20.3 (not an official CPE)
Apache Struts 2.3.20.1 (not an official CPE)
Apache Software Foundation Struts 2.3.20
Apache Software Foundation Struts 2.3.16.3
Apache Software Foundation Struts 2.3.16.2
Apache Software Foundation Struts 2.3.16.1
Apache Software Foundation Struts 2.3.16
Apache Software Foundation Struts 2.3.15.3
Apache Software Foundation Struts 2.3.15.2
Apache Software Foundation Struts 2.3.15.1
Apache Software Foundation Struts 2.3.15
Apache Software Foundation Struts 2.3.14.3
Apache Software Foundation Struts 2.3.14.2
Apache Software Foundation Struts 2.3.14.1
Apache Software Foundation Struts 2.3.14
Apache Software Foundation Struts 2.3.12
Apache Software Foundation Struts 2.3.8
Apache Software Foundation Struts 2.3.7
Apache Software Foundation Struts 2.3.4.1
Apache Software Foundation Struts 2.3.4
Apache Software Foundation Struts 2.3.3
Apache Software Foundation Struts 2.3.1.2
Apache Software Foundation Struts 2.3.1
Apache Software Foundation Struts 2.3.1.1
Apache Software Foundation Struts 2.2.3.1
Apache Software Foundation Struts 2.2.3
Apache Software Foundation Struts 2.2.1
Apache Software Foundation Struts 2.2.1.1
Apache Software Foundation Struts 2.1.8.1
Apache Software Foundation Struts 2.1.8
Apache Software Foundation Struts 2.1.6
Apache Software Foundation Struts 2.1.5
Apache Software Foundation Struts 2.1.4
Apache Software Foundation Struts 2.1.3
Apache Software Foundation Struts 2.1.2
Apache Struts 2.5.12 (not an official CPE)