info
Bugtraq ID: 100609
Class: Input Validation Error
CVE: CVE-2017-9805
Remote: Yes
Local: No
Published: Sep 05 2017 12:00AM
Updated: Sep 05 2017 12:00AM
Credit: Man Yue Mo
Vulnerable: Apache Struts 2.5.9
Apache Struts 2.5.8
Apache Struts 2.5.7
Apache Struts 2.5.6
Apache Struts 2.5.5
Apache Struts 2.5.4
Apache Struts 2.5.3
Apache Struts 2.5.2
Apache Struts 2.5.12
Apache Struts 2.5.11
Apache Struts 2.5.10
Apache Struts 2.5.1
Apache Struts 2.5
Not Vulnerable: Apache Struts 2.5.13
discussion
Apache Struts is prone to a remote code-execution vulnerability.
Successfully exploiting this issue may allow an attacker to execute arbitrary code in the context of the affected application. Failed exploit attempts will likely result in denial-of-service conditions.
Apache Struts 2.5 through 2.5.12 are vulnerable.
SCRIPT EXPLOIT
Bugtraq ID: 100609
Class: Input Validation Error
CVE: CVE-2017-9805
Remote: Yes
Local: No
Published: Sep 05 2017 12:00AM
Updated: Sep 05 2017 12:00AM
Credit: Man Yue Mo
Vulnerable: Apache Struts 2.5.9
Apache Struts 2.5.8
Apache Struts 2.5.7
Apache Struts 2.5.6
Apache Struts 2.5.5
Apache Struts 2.5.4
Apache Struts 2.5.3
Apache Struts 2.5.2
Apache Struts 2.5.12
Apache Struts 2.5.11
Apache Struts 2.5.10
Apache Struts 2.5.1
Apache Struts 2.5
Not Vulnerable: Apache Struts 2.5.13
discussion
Apache Struts is prone to a remote code-execution vulnerability.
Successfully exploiting this issue may allow an attacker to execute arbitrary code in the context of the affected application. Failed exploit attempts will likely result in denial-of-service conditions.
Apache Struts 2.5 through 2.5.12 are vulnerable.
SCRIPT EXPLOIT
View hidden content is available for registered users!
http://www.tools-hack.com/2017/09/apache-struts-25-remote-code-execution.html
