Django REST framework

Lookup for vulnerable packages by Package URL.

Purl pkg:maven/org.apache.struts/struts2-rest-plugin@2.5.10

Type maven

Namespace org.apache.struts

Name struts2-rest-plugin

Version 2.5.10

Qualifiers

Subpath

Is_vulnerable true

Next_non_vulnerable_version 2.5.33

Latest_non_vulnerable_version 6.3.0.2

Affected_by_vulnerabilities

url VCID-492x-u9pr-auen

vulnerability_id VCID-492x-u9pr-auen

summary

DoS attack via crafted XML payload processed by REST Plugin using XStream library
The REST Plugin in this package is using an outdated XStream library which is vulnerable and allow perform a DoS attack using malicious request with specially crafted XML payload.

references

reference_url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2017-9793.json

reference_id

reference_type

scores

value	5.9
scoring_system	cvssv3
scoring_elements	CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H

url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2017-9793.json

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2017-9793

reference_id

reference_type

scores

value	0.07937
scoring_system	epss
scoring_elements	0.92066
published_at	2026-04-18T12:55:00Z

value	0.07937
scoring_system	epss
scoring_elements	0.92041
published_at	2026-04-07T12:55:00Z

value	0.07937
scoring_system	epss
scoring_elements	0.92069
published_at	2026-04-16T12:55:00Z

value	0.07937
scoring_system	epss
scoring_elements	0.92061
published_at	2026-04-12T12:55:00Z

value	0.07937
scoring_system	epss
scoring_elements	0.92057
published_at	2026-04-13T12:55:00Z

value	0.07937
scoring_system	epss
scoring_elements	0.92053
published_at	2026-04-08T12:55:00Z

value	0.07937
scoring_system	epss
scoring_elements	0.92023
published_at	2026-04-01T12:55:00Z

value	0.07937
scoring_system	epss
scoring_elements	0.92029
published_at	2026-04-02T12:55:00Z

value	0.07937
scoring_system	epss
scoring_elements	0.92037
published_at	2026-04-04T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2017-9793

reference_url

https://github.com/advisories/GHSA-vwxj-6m5m-rrvh

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

value	HIGH
scoring_system	cvssv3.1_qr
scoring_elements

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://github.com/advisories/GHSA-vwxj-6m5m-rrvh

reference_url

https://security.netapp.com/advisory/ntap-20180629-0001

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://security.netapp.com/advisory/ntap-20180629-0001

reference_url	https://security.netapp.com/advisory/ntap-20180629-0001/
reference_id
reference_type
scores
url	https://security.netapp.com/advisory/ntap-20180629-0001/

reference_url

https://struts.apache.org/docs/s2-051.html

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://struts.apache.org/docs/s2-051.html

reference_url

https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170907-struts2

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170907-struts2

reference_url

http://www.brocade.com/content/dam/common/documents/content-types/security-bulletin/brocade-security-advisory-2017-429.htm

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

value	HIGH
scoring_system	generic_textual
scoring_elements

url

http://www.brocade.com/content/dam/common/documents/content-types/security-bulletin/brocade-security-advisory-2017-429.htm

reference_url

http://www.oracle.com/technetwork/security-advisory/alert-cve-2017-9805-3889403.html

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

value	HIGH
scoring_system	generic_textual
scoring_elements

url

http://www.oracle.com/technetwork/security-advisory/alert-cve-2017-9805-3889403.html

reference_url

http://www.securityfocus.com/bid/100611

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

value	HIGH
scoring_system	generic_textual
scoring_elements

url

http://www.securityfocus.com/bid/100611

reference_url

http://www.securitytracker.com/id/1039262

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

value	HIGH
scoring_system	generic_textual
scoring_elements

url

http://www.securitytracker.com/id/1039262

reference_url	https://bugzilla.redhat.com/show_bug.cgi?id=1488481
reference_id	1488481
reference_type
scores
url	https://bugzilla.redhat.com/show_bug.cgi?id=1488481

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.3.10:::::::*
reference_id	cpe:2.3:a:apache:struts:2.3.10:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.3.10:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.3.11:::::::*
reference_id	cpe:2.3:a:apache:struts:2.3.11:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.3.11:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.3.12:::::::*
reference_id	cpe:2.3:a:apache:struts:2.3.12:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.3.12:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.3.13:::::::*
reference_id	cpe:2.3:a:apache:struts:2.3.13:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.3.13:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.3.14:::::::*
reference_id	cpe:2.3:a:apache:struts:2.3.14:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.3.14:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.3.14.1:::::::*
reference_id	cpe:2.3:a:apache:struts:2.3.14.1:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.3.14.1:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.3.14.2:::::::*
reference_id	cpe:2.3:a:apache:struts:2.3.14.2:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.3.14.2:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.3.14.3:::::::*
reference_id	cpe:2.3:a:apache:struts:2.3.14.3:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.3.14.3:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.3.15:::::::*
reference_id	cpe:2.3:a:apache:struts:2.3.15:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.3.15:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.3.15.1:::::::*
reference_id	cpe:2.3:a:apache:struts:2.3.15.1:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.3.15.1:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.3.15.2:::::::*
reference_id	cpe:2.3:a:apache:struts:2.3.15.2:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.3.15.2:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.3.15.3:::::::*
reference_id	cpe:2.3:a:apache:struts:2.3.15.3:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.3.15.3:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.3.16:::::::*
reference_id	cpe:2.3:a:apache:struts:2.3.16:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.3.16:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.3.16.1:::::::*
reference_id	cpe:2.3:a:apache:struts:2.3.16.1:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.3.16.1:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.3.16.2:::::::*
reference_id	cpe:2.3:a:apache:struts:2.3.16.2:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.3.16.2:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.3.16.3:::::::*
reference_id	cpe:2.3:a:apache:struts:2.3.16.3:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.3.16.3:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.3.17:::::::*
reference_id	cpe:2.3:a:apache:struts:2.3.17:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.3.17:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.3.19:::::::*
reference_id	cpe:2.3:a:apache:struts:2.3.19:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.3.19:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.3.20:::::::*
reference_id	cpe:2.3:a:apache:struts:2.3.20:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.3.20:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.3.20.1:::::::*
reference_id	cpe:2.3:a:apache:struts:2.3.20.1:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.3.20.1:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.3.20.2:::::::*
reference_id	cpe:2.3:a:apache:struts:2.3.20.2:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.3.20.2:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.3.21:::::::*
reference_id	cpe:2.3:a:apache:struts:2.3.21:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.3.21:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.3.22:::::::*
reference_id	cpe:2.3:a:apache:struts:2.3.22:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.3.22:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.3.23:::::::*
reference_id	cpe:2.3:a:apache:struts:2.3.23:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.3.23:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.3.24.2:::::::*
reference_id	cpe:2.3:a:apache:struts:2.3.24.2:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.3.24.2:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.3.24.3:::::::*
reference_id	cpe:2.3:a:apache:struts:2.3.24.3:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.3.24.3:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.3.25:::::::*
reference_id	cpe:2.3:a:apache:struts:2.3.25:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.3.25:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.3.26:::::::*
reference_id	cpe:2.3:a:apache:struts:2.3.26:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.3.26:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.3.27:::::::*
reference_id	cpe:2.3:a:apache:struts:2.3.27:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.3.27:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.3.28:::::::*
reference_id	cpe:2.3:a:apache:struts:2.3.28:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.3.28:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.3.28.1:::::::*
reference_id	cpe:2.3:a:apache:struts:2.3.28.1:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.3.28.1:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.3.29:::::::*
reference_id	cpe:2.3:a:apache:struts:2.3.29:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.3.29:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.3.30:::::::*
reference_id	cpe:2.3:a:apache:struts:2.3.30:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.3.30:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.3.31:::::::*
reference_id	cpe:2.3:a:apache:struts:2.3.31:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.3.31:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.3.32:::::::*
reference_id	cpe:2.3:a:apache:struts:2.3.32:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.3.32:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.3.33:::::::*
reference_id	cpe:2.3:a:apache:struts:2.3.33:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.3.33:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.3.7:::::::*
reference_id	cpe:2.3:a:apache:struts:2.3.7:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.3.7:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.3.8:::::::*
reference_id	cpe:2.3:a:apache:struts:2.3.8:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.3.8:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.3.9:::::::*
reference_id	cpe:2.3:a:apache:struts:2.3.9:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.3.9:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.5:::::::*
reference_id	cpe:2.3:a:apache:struts:2.5:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.5:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.5.1:::::::*
reference_id	cpe:2.3:a:apache:struts:2.5.1:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.5.1:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.5.10:::::::*
reference_id	cpe:2.3:a:apache:struts:2.5.10:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.5.10:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.5.10.1:::::::*
reference_id	cpe:2.3:a:apache:struts:2.5.10.1:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.5.10.1:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.5.12:::::::*
reference_id	cpe:2.3:a:apache:struts:2.5.12:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.5.12:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.5.2:::::::*
reference_id	cpe:2.3:a:apache:struts:2.5.2:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.5.2:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.5.3:::::::*
reference_id	cpe:2.3:a:apache:struts:2.5.3:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.5.3:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.5.4:::::::*
reference_id	cpe:2.3:a:apache:struts:2.5.4:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.5.4:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.5.5:::::::*
reference_id	cpe:2.3:a:apache:struts:2.5.5:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.5.5:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.5.6:::::::*
reference_id	cpe:2.3:a:apache:struts:2.5.6:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.5.6:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.5.7:::::::*
reference_id	cpe:2.3:a:apache:struts:2.5.7:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.5.7:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.5.8:::::::*
reference_id	cpe:2.3:a:apache:struts:2.5.8:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.5.8:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.5.9:::::::*
reference_id	cpe:2.3:a:apache:struts:2.5.9:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.5.9:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.5:beta1::::::
reference_id	cpe:2.3:a:apache:struts:2.5:beta1::::::
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.5:beta1::::::

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.5:beta2::::::
reference_id	cpe:2.3:a:apache:struts:2.5:beta2::::::
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.5:beta2::::::

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.5:beta3::::::
reference_id	cpe:2.3:a:apache:struts:2.5:beta3::::::
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.5:beta3::::::

reference_url	https://access.redhat.com/security/cve/CVE-2017-9793
reference_id	CVE-2017-9793
reference_type
scores
url	https://access.redhat.com/security/cve/CVE-2017-9793

reference_url

https://nvd.nist.gov/vuln/detail/CVE-2017-9793

reference_id

CVE-2017-9793

reference_type

scores

value	5.0
scoring_system	cvssv2
scoring_elements	AV:N/AC:L/Au:N/C:N/I:N/A:P

value	7.5
scoring_system	cvssv3
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://nvd.nist.gov/vuln/detail/CVE-2017-9793

fixed_packages

url pkg:maven/org.apache.struts/struts2-rest-plugin@2.5.13

purl pkg:maven/org.apache.struts/struts2-rest-plugin@2.5.13

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-79j9-v8gz-rfax

vulnerability	VCID-bgbt-j1n9-6yg5

vulnerability	VCID-fy9j-w7r2-sugr

vulnerability	VCID-gfxq-vtry-bqgg

vulnerability	VCID-hgj2-vqzn-gyeb

vulnerability	VCID-hpm1-euf1-vff1

resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.struts/struts2-rest-plugin@2.5.13

aliases CVE-2017-9793, GHSA-vwxj-6m5m-rrvh

risk_score 4.0

exploitability 0.5

weighted_severity 8.0

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-492x-u9pr-auen

url VCID-79j9-v8gz-rfax

vulnerability_id VCID-79j9-v8gz-rfax

summary

Remote code execution in Apache Struts
Forced OGNL evaluation, when evaluated on raw user input in tag attributes, may lead to remote code execution.

references

reference_url

http://jvn.jp/en/jp/JVN43969166/index.html

reference_id

reference_type

scores

value	9.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:H

value	9.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

value	CRITICAL
scoring_system	generic_textual
scoring_elements

value	Act
scoring_system	ssvc
scoring_elements	SSVCv2/E:A/A:Y/T:T/P:M/B:A/M:M/D:C/2025-02-06T20:53:17Z/

url

http://jvn.jp/en/jp/JVN43969166/index.html

reference_url

http://packetstormsecurity.com/files/160721/Apache-Struts-2-Forced-Multi-OGNL-Evaluation.html

reference_id

reference_type

scores

value	9.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:H

value	9.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

value	CRITICAL
scoring_system	generic_textual
scoring_elements

value	Act
scoring_system	ssvc
scoring_elements	SSVCv2/E:A/A:Y/T:T/P:M/B:A/M:M/D:C/2025-02-06T20:53:17Z/

url

http://packetstormsecurity.com/files/160721/Apache-Struts-2-Forced-Multi-OGNL-Evaluation.html

reference_url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2020-17530.json

reference_id

reference_type

scores

value	8.1
scoring_system	cvssv3
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H

url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2020-17530.json

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2020-17530

reference_id

reference_type

scores

value	0.94376
scoring_system	epss
scoring_elements	0.99967
published_at	2026-04-13T12:55:00Z

value	0.94376
scoring_system	epss
scoring_elements	0.99968
published_at	2026-04-18T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2020-17530

reference_url

https://cwiki.apache.org/confluence/display/WW/S2-061

reference_id

reference_type

scores

value	9.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:H

value	9.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

value	CRITICAL
scoring_system	generic_textual
scoring_elements

value	Act
scoring_system	ssvc
scoring_elements	SSVCv2/E:A/A:Y/T:T/P:M/B:A/M:M/D:C/2025-02-06T20:53:17Z/

url

https://cwiki.apache.org/confluence/display/WW/S2-061

reference_url

https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H

url

https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml

reference_url

https://github.com/apache/struts

reference_id

reference_type

scores

value	9.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:H

value	CRITICAL
scoring_system	generic_textual
scoring_elements

url

https://github.com/apache/struts

reference_url

https://security.netapp.com/advisory/ntap-20210115-0005

reference_id

reference_type

scores

value	9.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:H

value	CRITICAL
scoring_system	generic_textual
scoring_elements

url

https://security.netapp.com/advisory/ntap-20210115-0005

reference_url

https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2020-17530

reference_id

reference_type

scores

value	9.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:H

value	CRITICAL
scoring_system	generic_textual
scoring_elements

url

https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2020-17530

reference_url

https://www.oracle.com/security-alerts/cpuApr2021.html

reference_id

reference_type

scores

value	9.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

value	9.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:H

value	CRITICAL
scoring_system	generic_textual
scoring_elements

value	Act
scoring_system	ssvc
scoring_elements	SSVCv2/E:A/A:Y/T:T/P:M/B:A/M:M/D:C/2025-02-06T20:53:17Z/

url

https://www.oracle.com/security-alerts/cpuApr2021.html

reference_url

https://www.oracle.com/security-alerts/cpuapr2022.html

reference_id

reference_type

scores

value	9.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:H

value	9.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

value	CRITICAL
scoring_system	generic_textual
scoring_elements

value	Act
scoring_system	ssvc
scoring_elements	SSVCv2/E:A/A:Y/T:T/P:M/B:A/M:M/D:C/2025-02-06T20:53:17Z/

url

https://www.oracle.com/security-alerts/cpuapr2022.html

reference_url

https://www.oracle.com/security-alerts/cpujan2021.html

reference_id

reference_type

scores

value	9.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:H

value	9.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

value	CRITICAL
scoring_system	generic_textual
scoring_elements

value	Act
scoring_system	ssvc
scoring_elements	SSVCv2/E:A/A:Y/T:T/P:M/B:A/M:M/D:C/2025-02-06T20:53:17Z/

url

https://www.oracle.com/security-alerts/cpujan2021.html

reference_url

https://www.oracle.com/security-alerts/cpujan2022.html

reference_id

reference_type

scores

value	9.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

value	9.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:H

value	CRITICAL
scoring_system	generic_textual
scoring_elements

value	Act
scoring_system	ssvc
scoring_elements	SSVCv2/E:A/A:Y/T:T/P:M/B:A/M:M/D:C/2025-02-06T20:53:17Z/

url

https://www.oracle.com/security-alerts/cpujan2022.html

reference_url

https://www.oracle.com//security-alerts/cpujul2021.html

reference_id

reference_type

scores

value	9.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

value	9.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:H

value	CRITICAL
scoring_system	generic_textual
scoring_elements

value	Act
scoring_system	ssvc
scoring_elements	SSVCv2/E:A/A:Y/T:T/P:M/B:A/M:M/D:C/2025-02-06T20:53:17Z/

url

https://www.oracle.com//security-alerts/cpujul2021.html

reference_url

https://www.oracle.com/security-alerts/cpuoct2021.html

reference_id

reference_type

scores

value	9.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

value	9.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:H

value	CRITICAL
scoring_system	generic_textual
scoring_elements

value	Act
scoring_system	ssvc
scoring_elements	SSVCv2/E:A/A:Y/T:T/P:M/B:A/M:M/D:C/2025-02-06T20:53:17Z/

url

https://www.oracle.com/security-alerts/cpuoct2021.html

reference_url

http://www.openwall.com/lists/oss-security/2022/04/12/6

reference_id

reference_type

scores

value	9.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

value	9.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:H

value	CRITICAL
scoring_system	generic_textual
scoring_elements

value	Act
scoring_system	ssvc
scoring_elements	SSVCv2/E:A/A:Y/T:T/P:M/B:A/M:M/D:C/2025-02-06T20:53:17Z/

url

http://www.openwall.com/lists/oss-security/2022/04/12/6

reference_url	https://bugzilla.redhat.com/show_bug.cgi?id=1905645
reference_id	1905645
reference_type
scores
url	https://bugzilla.redhat.com/show_bug.cgi?id=1905645

reference_url

https://nvd.nist.gov/vuln/detail/CVE-2020-17530

reference_id

CVE-2020-17530

reference_type

scores

value	9.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:H

value	CRITICAL
scoring_system	generic_textual
scoring_elements

url

https://nvd.nist.gov/vuln/detail/CVE-2020-17530

reference_url

https://github.com/advisories/GHSA-jc35-q369-45pv

reference_id

GHSA-jc35-q369-45pv

reference_type

scores

value	CRITICAL
scoring_system	cvssv3.1_qr
scoring_elements

url

https://github.com/advisories/GHSA-jc35-q369-45pv

reference_url

https://security.netapp.com/advisory/ntap-20210115-0005/

reference_id

ntap-20210115-0005

reference_type

scores

value	9.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

value	Act
scoring_system	ssvc
scoring_elements	SSVCv2/E:A/A:Y/T:T/P:M/B:A/M:M/D:C/2025-02-06T20:53:17Z/

url

https://security.netapp.com/advisory/ntap-20210115-0005/

fixed_packages

url pkg:maven/org.apache.struts/struts2-rest-plugin@2.5.26

purl pkg:maven/org.apache.struts/struts2-rest-plugin@2.5.26

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-gfxq-vtry-bqgg

vulnerability	VCID-hgj2-vqzn-gyeb

vulnerability	VCID-hpm1-euf1-vff1

resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.struts/struts2-rest-plugin@2.5.26

aliases CVE-2020-17530, GHSA-jc35-q369-45pv

risk_score 10.0

exploitability 2.0

weighted_severity 9.0

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-79j9-v8gz-rfax

url VCID-bgbt-j1n9-6yg5

vulnerability_id VCID-bgbt-j1n9-6yg5

summary The Apache Struts REST Plugin is using XStream library which is vulnerable and allow perform a DoS attack when using a malicious request with specially crafted XML payload. Upgrade to the Apache Struts version 2.5.16 and switch to an optional Jackson XML handler as described here http://struts.apache.org/plugins/rest/#custom-contenttypehandlers. Another option is to implement a custom XML handler based on the Jackson XML handler from the Apache Struts 2.5.16.

references

reference_url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2018-1327.json

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv3
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2018-1327.json

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2018-1327

reference_id

reference_type

scores

value	0.0622
scoring_system	epss
scoring_elements	0.90902
published_at	2026-04-18T12:55:00Z

value	0.0622
scoring_system	epss
scoring_elements	0.90905
published_at	2026-04-16T12:55:00Z

value	0.0622
scoring_system	epss
scoring_elements	0.9088
published_at	2026-04-13T12:55:00Z

value	0.0622
scoring_system	epss
scoring_elements	0.90881
published_at	2026-04-12T12:55:00Z

value	0.0622
scoring_system	epss
scoring_elements	0.90872
published_at	2026-04-09T12:55:00Z

value	0.0622
scoring_system	epss
scoring_elements	0.90866
published_at	2026-04-08T12:55:00Z

value	0.0622
scoring_system	epss
scoring_elements	0.90854
published_at	2026-04-07T12:55:00Z

value	0.0622
scoring_system	epss
scoring_elements	0.90844
published_at	2026-04-04T12:55:00Z

value	0.0622
scoring_system	epss
scoring_elements	0.90833
published_at	2026-04-02T12:55:00Z

value	0.0622
scoring_system	epss
scoring_elements	0.90828
published_at	2026-04-01T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2018-1327

reference_url

https://cwiki.apache.org/confluence/display/WW/S2-056

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://cwiki.apache.org/confluence/display/WW/S2-056

reference_url

https://github.com/apache/struts

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://github.com/apache/struts

reference_url

https://github.com/apache/struts/commit/4260bee634cb606be6071bce2383fddb510608aa

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://github.com/apache/struts/commit/4260bee634cb606be6071bce2383fddb510608aa

reference_url

https://github.com/apache/struts/commit/67ecf3a21608e20449bcb7895b22204b400fecd4

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://github.com/apache/struts/commit/67ecf3a21608e20449bcb7895b22204b400fecd4

reference_url

https://github.com/apache/struts/commit/9260720568cee9e868d2899228eceed0c3359323

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://github.com/apache/struts/commit/9260720568cee9e868d2899228eceed0c3359323

reference_url

https://lists.apache.org/thread.html/r02c2d634fa74209d941c90f9a4cd36a6f12366ca65f9b90446ff2de3@%3Cissues.struts.apache.org%3E

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://lists.apache.org/thread.html/r02c2d634fa74209d941c90f9a4cd36a6f12366ca65f9b90446ff2de3@%3Cissues.struts.apache.org%3E

reference_url

https://lists.apache.org/thread.html/rf482c101a88445d73cc2e89dbf7f16ae00a4aa79a544a1e72b2326db@%3Cissues.struts.apache.org%3E

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://lists.apache.org/thread.html/rf482c101a88445d73cc2e89dbf7f16ae00a4aa79a544a1e72b2326db@%3Cissues.struts.apache.org%3E

reference_url

https://security.netapp.com/advisory/ntap-20180330-0001

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://security.netapp.com/advisory/ntap-20180330-0001

reference_url	https://security.netapp.com/advisory/ntap-20180330-0001/
reference_id
reference_type
scores
url	https://security.netapp.com/advisory/ntap-20180330-0001/

reference_url	https://struts.apache.org/docs/s2-056.html
reference_id
reference_type
scores
url	https://struts.apache.org/docs/s2-056.html

reference_url

https://web.archive.org/web/20200227124859/http://www.securityfocus.com/bid/103516

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://web.archive.org/web/20200227124859/http://www.securityfocus.com/bid/103516

reference_url

https://web.archive.org/web/20200923124543/http://www.securitytracker.com/id/1040575

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://web.archive.org/web/20200923124543/http://www.securitytracker.com/id/1040575

reference_url

http://www.oracle.com/technetwork/security-advisory/cpujul2018-4258247.html

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

value	HIGH
scoring_system	generic_textual
scoring_elements

url

http://www.oracle.com/technetwork/security-advisory/cpujul2018-4258247.html

reference_url	http://www.securityfocus.com/bid/103516
reference_id
reference_type
scores
url	http://www.securityfocus.com/bid/103516

reference_url	http://www.securitytracker.com/id/1040575
reference_id
reference_type
scores
url	http://www.securitytracker.com/id/1040575

reference_url	https://bugzilla.redhat.com/show_bug.cgi?id=1561007
reference_id	1561007
reference_type
scores
url	https://bugzilla.redhat.com/show_bug.cgi?id=1561007

reference_url	https://access.redhat.com/security/cve/CVE-2018-1327
reference_id	CVE-2018-1327
reference_type
scores
url	https://access.redhat.com/security/cve/CVE-2018-1327

reference_url

https://nvd.nist.gov/vuln/detail/CVE-2018-1327

reference_id

CVE-2018-1327

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://nvd.nist.gov/vuln/detail/CVE-2018-1327

reference_url

https://github.com/advisories/GHSA-38cr-2ph5-frr9

reference_id

GHSA-38cr-2ph5-frr9

reference_type

scores

value	HIGH
scoring_system	cvssv3.1_qr
scoring_elements

url

https://github.com/advisories/GHSA-38cr-2ph5-frr9

fixed_packages

url pkg:maven/org.apache.struts/struts2-rest-plugin@2.5.16

purl pkg:maven/org.apache.struts/struts2-rest-plugin@2.5.16

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-79j9-v8gz-rfax

vulnerability	VCID-gfxq-vtry-bqgg

vulnerability	VCID-hgj2-vqzn-gyeb

vulnerability	VCID-hpm1-euf1-vff1

resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.struts/struts2-rest-plugin@2.5.16

aliases CVE-2018-1327, GHSA-38cr-2ph5-frr9

risk_score 4.0

exploitability 0.5

weighted_severity 8.0

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-bgbt-j1n9-6yg5

url VCID-fy9j-w7r2-sugr

vulnerability_id VCID-fy9j-w7r2-sugr

summary

DoS vulnerability
The REST Plugin is using an outdated JSON-lib library which is vulnerable and allow perform a DoS attack using malicious request with specially crafted JSON payload.

references

reference_url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2017-15707.json

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv3
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2017-15707.json

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2017-15707

reference_id

reference_type

scores

value	0.01534
scoring_system	epss
scoring_elements	0.81328
published_at	2026-04-09T12:55:00Z

value	0.01534
scoring_system	epss
scoring_elements	0.81365
published_at	2026-04-18T12:55:00Z

value	0.01534
scoring_system	epss
scoring_elements	0.81363
published_at	2026-04-16T12:55:00Z

value	0.01534
scoring_system	epss
scoring_elements	0.81326
published_at	2026-04-13T12:55:00Z

value	0.01534
scoring_system	epss
scoring_elements	0.81334
published_at	2026-04-12T12:55:00Z

value	0.01534
scoring_system	epss
scoring_elements	0.81265
published_at	2026-04-01T12:55:00Z

value	0.01534
scoring_system	epss
scoring_elements	0.81274
published_at	2026-04-02T12:55:00Z

value	0.01534
scoring_system	epss
scoring_elements	0.81296
published_at	2026-04-04T12:55:00Z

value	0.01534
scoring_system	epss
scoring_elements	0.81294
published_at	2026-04-07T12:55:00Z

value	0.01534
scoring_system	epss
scoring_elements	0.81323
published_at	2026-04-08T12:55:00Z

value	0.01534
scoring_system	epss
scoring_elements	0.81348
published_at	2026-04-11T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2017-15707

reference_url

https://cwiki.apache.org/confluence/display/WW/S2-054

reference_id

reference_type

scores

value	6.2
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://cwiki.apache.org/confluence/display/WW/S2-054

reference_url

https://github.com/advisories/GHSA-xcrm-qpp8-hcw4

reference_id

reference_type

scores

value	6.2
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

value	MODERATE
scoring_system	cvssv3.1_qr
scoring_elements

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://github.com/advisories/GHSA-xcrm-qpp8-hcw4

reference_url

https://security.netapp.com/advisory/ntap-20171214-0001

reference_id

reference_type

scores

value	6.2
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://security.netapp.com/advisory/ntap-20171214-0001

reference_url	https://security.netapp.com/advisory/ntap-20171214-0001/
reference_id
reference_type
scores
url	https://security.netapp.com/advisory/ntap-20171214-0001/

reference_url

http://www.oracle.com/technetwork/security-advisory/cpuapr2018-3678067.html

reference_id

reference_type

scores

value	6.2
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

http://www.oracle.com/technetwork/security-advisory/cpuapr2018-3678067.html

reference_url

http://www.oracle.com/technetwork/security-advisory/cpujul2018-4258247.html

reference_id

reference_type

scores

value	6.2
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

http://www.oracle.com/technetwork/security-advisory/cpujul2018-4258247.html

reference_url

http://www.securityfocus.com/bid/102021

reference_id

reference_type

scores

value	6.2
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

http://www.securityfocus.com/bid/102021

reference_url

http://www.securitytracker.com/id/1039946

reference_id

reference_type

scores

value	6.2
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

http://www.securitytracker.com/id/1039946

reference_url	https://bugzilla.redhat.com/show_bug.cgi?id=1522794
reference_id	1522794
reference_type
scores
url	https://bugzilla.redhat.com/show_bug.cgi?id=1522794

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts::::::::
reference_id	cpe:2.3:a:apache:struts::::::::
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts::::::::

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:netapp:oncommand_balance:-:::::::*
reference_id	cpe:2.3:a:netapp:oncommand_balance:-:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:netapp:oncommand_balance:-:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:oracle:agile_plm_framework:9.3.6:::::::*
reference_id	cpe:2.3:a:oracle:agile_plm_framework:9.3.6:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:oracle:agile_plm_framework:9.3.6:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:oracle:enterprise_manager_for_virtualization:13.2.2:::::::*
reference_id	cpe:2.3:a:oracle:enterprise_manager_for_virtualization:13.2.2:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:oracle:enterprise_manager_for_virtualization:13.2.2:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:oracle:enterprise_manager_for_virtualization:13.2.3:::::::*
reference_id	cpe:2.3:a:oracle:enterprise_manager_for_virtualization:13.2.3:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:oracle:enterprise_manager_for_virtualization:13.2.3:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:oracle:financial_services_hedge_management_and_ifrs_valuations:8.0.4:::::::*
reference_id	cpe:2.3:a:oracle:financial_services_hedge_management_and_ifrs_valuations:8.0.4:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:oracle:financial_services_hedge_management_and_ifrs_valuations:8.0.4:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:oracle:financial_services_hedge_management_and_ifrs_valuations:8.0.5:::::::*
reference_id	cpe:2.3:a:oracle:financial_services_hedge_management_and_ifrs_valuations:8.0.5:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:oracle:financial_services_hedge_management_and_ifrs_valuations:8.0.5:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:oracle:financial_services_market_risk_measurement_and_management:8.0.5:::::::*
reference_id	cpe:2.3:a:oracle:financial_services_market_risk_measurement_and_management:8.0.5:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:oracle:financial_services_market_risk_measurement_and_management:8.0.5:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:oracle:global_lifecycle_management_opatchauto::::::::
reference_id	cpe:2.3:a:oracle:global_lifecycle_management_opatchauto::::::::
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:oracle:global_lifecycle_management_opatchauto::::::::

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:oracle:jd_edwards_enterpriseone_tools:9.2:::::::*
reference_id	cpe:2.3:a:oracle:jd_edwards_enterpriseone_tools:9.2:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:oracle:jd_edwards_enterpriseone_tools:9.2:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:oracle:retail_order_broker:5.2:::::::*
reference_id	cpe:2.3:a:oracle:retail_order_broker:5.2:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:oracle:retail_order_broker:5.2:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:oracle:retail_xstore_point_of_service:15.0.1:::::::*
reference_id	cpe:2.3:a:oracle:retail_xstore_point_of_service:15.0.1:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:oracle:retail_xstore_point_of_service:15.0.1:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:oracle:retail_xstore_point_of_service:16.0.2:::::::*
reference_id	cpe:2.3:a:oracle:retail_xstore_point_of_service:16.0.2:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:oracle:retail_xstore_point_of_service:16.0.2:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:oracle:retail_xstore_point_of_service:6.5.11:::::::*
reference_id	cpe:2.3:a:oracle:retail_xstore_point_of_service:6.5.11:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:oracle:retail_xstore_point_of_service:6.5.11:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:oracle:retail_xstore_point_of_service:7.0.6:::::::*
reference_id	cpe:2.3:a:oracle:retail_xstore_point_of_service:7.0.6:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:oracle:retail_xstore_point_of_service:7.0.6:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:oracle:retail_xstore_point_of_service:7.1.6:::::::*
reference_id	cpe:2.3:a:oracle:retail_xstore_point_of_service:7.1.6:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:oracle:retail_xstore_point_of_service:7.1.6:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:oracle:webcenter_portal:12.2.1.2.0:::::::*
reference_id	cpe:2.3:a:oracle:webcenter_portal:12.2.1.2.0:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:oracle:webcenter_portal:12.2.1.2.0:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:oracle:webcenter_portal:12.2.1.3.0:::::::*
reference_id	cpe:2.3:a:oracle:webcenter_portal:12.2.1.3.0:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:oracle:webcenter_portal:12.2.1.3.0:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:oracle:weblogic_server:12.2.1.2:::::::*
reference_id	cpe:2.3:a:oracle:weblogic_server:12.2.1.2:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:oracle:weblogic_server:12.2.1.2:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:oracle:weblogic_server:12.2.1.3:::::::*
reference_id	cpe:2.3:a:oracle:weblogic_server:12.2.1.3:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:oracle:weblogic_server:12.2.1.3:::::::*

reference_url

https://nvd.nist.gov/vuln/detail/CVE-2017-15707

reference_id

CVE-2017-15707

reference_type

scores

value	5.0
scoring_system	cvssv2
scoring_elements	AV:N/AC:L/Au:N/C:N/I:N/A:P

value	6.2
scoring_system	cvssv3
scoring_elements	CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

value	6.2
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://nvd.nist.gov/vuln/detail/CVE-2017-15707

fixed_packages

url pkg:maven/org.apache.struts/struts2-rest-plugin@2.5.14.1

purl pkg:maven/org.apache.struts/struts2-rest-plugin@2.5.14.1

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-79j9-v8gz-rfax

vulnerability	VCID-bgbt-j1n9-6yg5

vulnerability	VCID-gfxq-vtry-bqgg

vulnerability	VCID-hgj2-vqzn-gyeb

vulnerability	VCID-hpm1-euf1-vff1

resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.struts/struts2-rest-plugin@2.5.14.1

url pkg:maven/org.apache.struts/struts2-rest-plugin@2.5.16

purl pkg:maven/org.apache.struts/struts2-rest-plugin@2.5.16

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-79j9-v8gz-rfax

vulnerability	VCID-gfxq-vtry-bqgg

vulnerability	VCID-hgj2-vqzn-gyeb

vulnerability	VCID-hpm1-euf1-vff1

resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.struts/struts2-rest-plugin@2.5.16

aliases CVE-2017-15707, GHSA-xcrm-qpp8-hcw4

risk_score 3.4

exploitability 0.5

weighted_severity 6.8

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-fy9j-w7r2-sugr

url VCID-gfxq-vtry-bqgg

vulnerability_id VCID-gfxq-vtry-bqgg

summary

Files or Directories Accessible to External Parties
An attacker can manipulate file upload params to enable paths traversal and under some circumstances this can lead to uploading a malicious file which can be used to perform Remote Code Execution.
Users are recommended to upgrade to versions Struts 2.5.33 or Struts 6.3.0.2 or greater to fix this issue.

references

reference_url

http://packetstormsecurity.com/files/176157/Struts-S2-066-File-Upload-Remote-Code-Execution.html

reference_id

reference_type

scores

value	9.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

value	CRITICAL
scoring_system	generic_textual
scoring_elements

url

http://packetstormsecurity.com/files/176157/Struts-S2-066-File-Upload-Remote-Code-Execution.html

reference_url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2023-50164.json

reference_id

reference_type

scores

value	9.8
scoring_system	cvssv3
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2023-50164.json

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2023-50164

reference_id

reference_type

scores

value	0.92864
scoring_system	epss
scoring_elements	0.99769
published_at	2026-04-18T12:55:00Z

value	0.93657
scoring_system	epss
scoring_elements	0.99842
published_at	2026-04-07T12:55:00Z

value	0.93657
scoring_system	epss
scoring_elements	0.99841
published_at	2026-04-02T12:55:00Z

value	0.93657
scoring_system	epss
scoring_elements	0.99844
published_at	2026-04-13T12:55:00Z

value	0.93657
scoring_system	epss
scoring_elements	0.99843
published_at	2026-04-12T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2023-50164

reference_url

https://cwiki.apache.org/confluence/display/WW/S2-066

reference_id

reference_type

scores

value	9.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

value	CRITICAL
scoring_system	generic_textual
scoring_elements

url

https://cwiki.apache.org/confluence/display/WW/S2-066

reference_url

https://github.com/apache/struts

reference_id

reference_type

scores

value	9.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

value	CRITICAL
scoring_system	generic_textual
scoring_elements

url

https://github.com/apache/struts

reference_url

https://github.com/apache/struts/commit/162e29fee9136f4bfd9b2376da2cbf590f9ea163

reference_id

reference_type

scores

value	9.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

value	CRITICAL
scoring_system	generic_textual
scoring_elements

url

https://github.com/apache/struts/commit/162e29fee9136f4bfd9b2376da2cbf590f9ea163

reference_url

https://github.com/apache/struts/commit/d8c69691ef1d15e76a5f4fcf33039316da2340b6

reference_id

reference_type

scores

value	9.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

value	CRITICAL
scoring_system	generic_textual
scoring_elements

url

https://github.com/apache/struts/commit/d8c69691ef1d15e76a5f4fcf33039316da2340b6

reference_url

https://lists.apache.org/thread/yh09b3fkf6vz5d6jdgrlvmg60lfwtqhj

reference_id

reference_type

scores

value	9.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

value	CRITICAL
scoring_system	generic_textual
scoring_elements

url

https://lists.apache.org/thread/yh09b3fkf6vz5d6jdgrlvmg60lfwtqhj

reference_url

https://security.netapp.com/advisory/ntap-20231214-0010

reference_id

reference_type

scores

value	9.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

value	CRITICAL
scoring_system	generic_textual
scoring_elements

url

https://security.netapp.com/advisory/ntap-20231214-0010

reference_url

https://www.openwall.com/lists/oss-security/2023/12/07/1

reference_id

reference_type

scores

value	9.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

value	CRITICAL
scoring_system	generic_textual
scoring_elements

url

https://www.openwall.com/lists/oss-security/2023/12/07/1

reference_url

http://www.openwall.com/lists/oss-security/2023/12/07/1

reference_id

reference_type

scores

value	9.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

value	CRITICAL
scoring_system	generic_textual
scoring_elements

url

http://www.openwall.com/lists/oss-security/2023/12/07/1

reference_url	https://bugzilla.redhat.com/show_bug.cgi?id=2253938
reference_id	2253938
reference_type
scores
url	https://bugzilla.redhat.com/show_bug.cgi?id=2253938

reference_url

https://nvd.nist.gov/vuln/detail/CVE-2023-50164

reference_id

CVE-2023-50164

reference_type

scores

value	9.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

value	CRITICAL
scoring_system	generic_textual
scoring_elements

url

https://nvd.nist.gov/vuln/detail/CVE-2023-50164

reference_url

https://github.com/advisories/GHSA-2j39-qcjm-428w

reference_id

GHSA-2j39-qcjm-428w

reference_type

scores

value	CRITICAL
scoring_system	cvssv3.1_qr
scoring_elements

url

https://github.com/advisories/GHSA-2j39-qcjm-428w

fixed_packages

url	pkg:maven/org.apache.struts/struts2-rest-plugin@2.5.33
purl	pkg:maven/org.apache.struts/struts2-rest-plugin@2.5.33
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.struts/struts2-rest-plugin@2.5.33

url	pkg:maven/org.apache.struts/struts2-rest-plugin@6.3.0.2
purl	pkg:maven/org.apache.struts/struts2-rest-plugin@6.3.0.2
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.struts/struts2-rest-plugin@6.3.0.2

aliases CVE-2023-50164, GHSA-2j39-qcjm-428w

risk_score 10.0

exploitability 2.0

weighted_severity 9.0

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-gfxq-vtry-bqgg

url VCID-hgj2-vqzn-gyeb

vulnerability_id VCID-hgj2-vqzn-gyeb

summary

Improper Neutralization of Special Elements used in an Expression Language Statement ('Expression Language Injection')
The fix issued for CVE-2020-17530 was incomplete. So from Apache Struts 2.0.0 to 2.5.29, still some of the tag’s attributes could perform a double evaluation if a developer applied forced OGNL evaluation by using the %{...} syntax. Using forced OGNL evaluation on untrusted user input can lead to a Remote Code Execution and security degradation.

references

reference_url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2021-31805.json

reference_id

reference_type

scores

value	8.1
scoring_system	cvssv3
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H

url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2021-31805.json

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2021-31805

reference_id

reference_type

scores

value	0.93956
scoring_system	epss
scoring_elements	0.99886
published_at	2026-04-18T12:55:00Z

value	0.93956
scoring_system	epss
scoring_elements	0.99883
published_at	2026-04-07T12:55:00Z

value	0.93956
scoring_system	epss
scoring_elements	0.99885
published_at	2026-04-13T12:55:00Z

value	0.93956
scoring_system	epss
scoring_elements	0.99884
published_at	2026-04-12T12:55:00Z

value	0.93956
scoring_system	epss
scoring_elements	0.99881
published_at	2026-04-01T12:55:00Z

value	0.93956
scoring_system	epss
scoring_elements	0.99882
published_at	2026-04-02T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2021-31805

reference_url

https://cwiki.apache.org/confluence/display/WW/S2-062

reference_id

reference_type

scores

value	9.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

value	CRITICAL
scoring_system	generic_textual
scoring_elements

url

https://cwiki.apache.org/confluence/display/WW/S2-062

reference_url

https://security.netapp.com/advisory/ntap-20220420-0001

reference_id

reference_type

scores

value	9.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

value	CRITICAL
scoring_system	generic_textual
scoring_elements

url

https://security.netapp.com/advisory/ntap-20220420-0001

reference_url	https://security.netapp.com/advisory/ntap-20220420-0001/
reference_id
reference_type
scores
url	https://security.netapp.com/advisory/ntap-20220420-0001/

reference_url

https://www.oracle.com/security-alerts/cpujul2022.html

reference_id

reference_type

scores

value	9.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

value	CRITICAL
scoring_system	generic_textual
scoring_elements

url

https://www.oracle.com/security-alerts/cpujul2022.html

reference_url

http://www.openwall.com/lists/oss-security/2022/04/12/6

reference_id

reference_type

scores

value	9.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

value	CRITICAL
scoring_system	generic_textual
scoring_elements

url

http://www.openwall.com/lists/oss-security/2022/04/12/6

reference_url	https://bugzilla.redhat.com/show_bug.cgi?id=2074788
reference_id	2074788
reference_type
scores
url	https://bugzilla.redhat.com/show_bug.cgi?id=2074788

reference_url

https://nvd.nist.gov/vuln/detail/CVE-2021-31805

reference_id

CVE-2021-31805

reference_type

scores

value	9.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

value	CRITICAL
scoring_system	generic_textual
scoring_elements

url

https://nvd.nist.gov/vuln/detail/CVE-2021-31805

reference_url

https://github.com/advisories/GHSA-v8j6-6c2r-r27c

reference_id

GHSA-v8j6-6c2r-r27c

reference_type

scores

value	CRITICAL
scoring_system	cvssv3.1_qr
scoring_elements

url

https://github.com/advisories/GHSA-v8j6-6c2r-r27c

fixed_packages

url pkg:maven/org.apache.struts/struts2-rest-plugin@2.5.30

purl pkg:maven/org.apache.struts/struts2-rest-plugin@2.5.30

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-gfxq-vtry-bqgg

vulnerability	VCID-hpm1-euf1-vff1

resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.struts/struts2-rest-plugin@2.5.30

aliases CVE-2021-31805, GHSA-v8j6-6c2r-r27c

risk_score 10.0

exploitability 2.0

weighted_severity 9.0

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-hgj2-vqzn-gyeb

url VCID-hpm1-euf1-vff1

vulnerability_id VCID-hpm1-euf1-vff1

summary

Incomplete Cleanup
When a Multipart request is performed but some of the fields exceed the maxStringLength  limit, the upload files will remain in struts.multipart.saveDir  even if the request has been denied.
Users are recommended to upgrade to versions Struts 2.5.32 or 6.1.2.2 or Struts 6.3.0.1 or greater, which fixe this issue.

references

reference_url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2023-41835.json

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv3
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2023-41835.json

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2023-41835

reference_id

reference_type

scores

value	0.00224
scoring_system	epss
scoring_elements	0.4515
published_at	2026-04-18T12:55:00Z

value	0.00224
scoring_system	epss
scoring_elements	0.45156
published_at	2026-04-16T12:55:00Z

value	0.00224
scoring_system	epss
scoring_elements	0.45107
published_at	2026-04-13T12:55:00Z

value	0.00224
scoring_system	epss
scoring_elements	0.45105
published_at	2026-04-12T12:55:00Z

value	0.00224
scoring_system	epss
scoring_elements	0.45137
published_at	2026-04-11T12:55:00Z

value	0.00224
scoring_system	epss
scoring_elements	0.45063
published_at	2026-04-07T12:55:00Z

value	0.00224
scoring_system	epss
scoring_elements	0.45121
published_at	2026-04-04T12:55:00Z

value	0.00224
scoring_system	epss
scoring_elements	0.45099
published_at	2026-04-02T12:55:00Z

value	0.00224
scoring_system	epss
scoring_elements	0.45115
published_at	2026-04-09T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2023-41835

reference_url

https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml

reference_id

reference_type

scores

value	6.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H

url

https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml

reference_url

https://github.com/apache/struts

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://github.com/apache/struts

reference_url

https://github.com/apache/struts/commit/3292152f8c0a77ee4827beede82b6580478a2c2a

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://github.com/apache/struts/commit/3292152f8c0a77ee4827beede82b6580478a2c2a

reference_url

https://github.com/apache/struts/commit/4c044f12560e22e00520595412830f9582d6dac7

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://github.com/apache/struts/commit/4c044f12560e22e00520595412830f9582d6dac7

reference_url

https://github.com/apache/struts/commit/bf54436869c264941dd192c752a4abfaa65d3711

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://github.com/apache/struts/commit/bf54436869c264941dd192c752a4abfaa65d3711

reference_url

https://lists.apache.org/thread/6wj530kh3ono8phr642y9sqkl67ys2ft

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

value	HIGH
scoring_system	generic_textual
scoring_elements

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-05-28T15:55:29Z/

url

https://lists.apache.org/thread/6wj530kh3ono8phr642y9sqkl67ys2ft

reference_url

https://security.netapp.com/advisory/ntap-20231013-0001

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://security.netapp.com/advisory/ntap-20231013-0001

reference_url

https://www.openwall.com/lists/oss-security/2023/12/09/1

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

value	HIGH
scoring_system	generic_textual
scoring_elements

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-05-28T15:55:29Z/

url

https://www.openwall.com/lists/oss-security/2023/12/09/1

reference_url

http://www.openwall.com/lists/oss-security/2023/12/09/1

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

value	HIGH
scoring_system	generic_textual
scoring_elements

url

http://www.openwall.com/lists/oss-security/2023/12/09/1

reference_url	https://bugzilla.redhat.com/show_bug.cgi?id=2252931
reference_id	2252931
reference_type
scores
url	https://bugzilla.redhat.com/show_bug.cgi?id=2252931

reference_url

https://nvd.nist.gov/vuln/detail/CVE-2023-41835

reference_id

CVE-2023-41835

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://nvd.nist.gov/vuln/detail/CVE-2023-41835

reference_url

https://github.com/advisories/GHSA-729q-fcgp-r5xh

reference_id

GHSA-729q-fcgp-r5xh

reference_type

scores

value	HIGH
scoring_system	cvssv3.1_qr
scoring_elements

url

https://github.com/advisories/GHSA-729q-fcgp-r5xh

fixed_packages

url pkg:maven/org.apache.struts/struts2-rest-plugin@2.5.32

purl pkg:maven/org.apache.struts/struts2-rest-plugin@2.5.32

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-gfxq-vtry-bqgg

resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.struts/struts2-rest-plugin@2.5.32

url pkg:maven/org.apache.struts/struts2-rest-plugin@6.3.0.1

purl pkg:maven/org.apache.struts/struts2-rest-plugin@6.3.0.1

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-gfxq-vtry-bqgg

resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.struts/struts2-rest-plugin@6.3.0.1

aliases CVE-2023-41835, GHSA-729q-fcgp-r5xh

risk_score 4.0

exploitability 0.5

weighted_severity 8.0

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-hpm1-euf1-vff1

url VCID-t1v1-vm43-sfhg

vulnerability_id VCID-t1v1-vm43-sfhg

summary The REST Plugin in Apache Struts 2.1.1 through 2.3.x before 2.3.34 and 2.5.x before 2.5.13 uses an XStreamHandler with an instance of XStream for deserialization without any type filtering, which can lead to Remote Code Execution when deserializing XML payloads.

references

reference_url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2017-9805.json

reference_id

reference_type

scores

value	8.1
scoring_system	cvssv3
scoring_elements	CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H

url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2017-9805.json

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2017-9805

reference_id

reference_type

scores

value	0.94322
scoring_system	epss
scoring_elements	0.99952
published_at	2026-04-18T12:55:00Z

value	0.94322
scoring_system	epss
scoring_elements	0.99951
published_at	2026-04-09T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2017-9805

reference_url

https://blogs.apache.org/foundation/entry/apache-struts-statement-on-equifax

reference_id

reference_type

scores

value	8.1
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:H

value	8.1
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H

value	HIGH
scoring_system	generic_textual
scoring_elements

value	Attend
scoring_system	ssvc
scoring_elements	SSVCv2/E:A/A:N/T:T/P:M/B:A/M:M/D:A/2025-02-06T21:07:51Z/

url

https://blogs.apache.org/foundation/entry/apache-struts-statement-on-equifax

reference_url

https://bugzilla.redhat.com/show_bug.cgi?id=1488482

reference_id

reference_type

scores

value	8.1
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H

value	8.1
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:H

value	HIGH
scoring_system	generic_textual
scoring_elements

value	Attend
scoring_system	ssvc
scoring_elements	SSVCv2/E:A/A:N/T:T/P:M/B:A/M:M/D:A/2025-02-06T21:07:51Z/

url

https://bugzilla.redhat.com/show_bug.cgi?id=1488482

reference_url

https://cwiki.apache.org/confluence/display/WW/S2-052

reference_id

reference_type

scores

value	8.1
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H

value	8.1
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:H

value	HIGH
scoring_system	generic_textual
scoring_elements

value	Attend
scoring_system	ssvc
scoring_elements	SSVCv2/E:A/A:N/T:T/P:M/B:A/M:M/D:A/2025-02-06T21:07:51Z/

url

https://cwiki.apache.org/confluence/display/WW/S2-052

reference_url

https://github.com/apache/struts

reference_id

reference_type

scores

value	8.1
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:H

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://github.com/apache/struts

reference_url

https://github.com/apache/struts/commit/19494718865f2fb7da5ea363de3822f87fbda26

reference_id

reference_type

scores

value	8.1
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:H

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://github.com/apache/struts/commit/19494718865f2fb7da5ea363de3822f87fbda26

reference_url

https://github.com/apache/struts/commit/6dd6e5cfb7b5e020abffe7e8091bd63fe97c10a

reference_id

reference_type

scores

value	8.1
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:H

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://github.com/apache/struts/commit/6dd6e5cfb7b5e020abffe7e8091bd63fe97c10a

reference_url

https://lgtm.com/blog/apache_struts_CVE-2017-9805

reference_id

reference_type

scores

value	8.1
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H

value	8.1
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:H

value	HIGH
scoring_system	generic_textual
scoring_elements

value	Attend
scoring_system	ssvc
scoring_elements	SSVCv2/E:A/A:N/T:T/P:M/B:A/M:M/D:A/2025-02-06T21:07:51Z/

url

https://lgtm.com/blog/apache_struts_CVE-2017-9805

reference_url

https://security.netapp.com/advisory/ntap-20170907-0001

reference_id

reference_type

scores

value	8.1
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:H

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://security.netapp.com/advisory/ntap-20170907-0001

reference_url

https://security.netapp.com/advisory/ntap-20170907-0001/

reference_id

reference_type

scores

value	8.1
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H

value	Attend
scoring_system	ssvc
scoring_elements	SSVCv2/E:A/A:N/T:T/P:M/B:A/M:M/D:A/2025-02-06T21:07:51Z/

url

https://security.netapp.com/advisory/ntap-20170907-0001/

reference_url

https://struts.apache.org/docs/s2-052.html

reference_id

reference_type

scores

value	8.1
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H

value	8.1
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:H

value	HIGH
scoring_system	generic_textual
scoring_elements

value	Attend
scoring_system	ssvc
scoring_elements	SSVCv2/E:A/A:N/T:T/P:M/B:A/M:M/D:A/2025-02-06T21:07:51Z/

url

https://struts.apache.org/docs/s2-052.html

reference_url

https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170907-struts2

reference_id

reference_type

scores

value	8.1
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:H

value	8.1
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H

value	HIGH
scoring_system	generic_textual
scoring_elements

value	Attend
scoring_system	ssvc
scoring_elements	SSVCv2/E:A/A:N/T:T/P:M/B:A/M:M/D:A/2025-02-06T21:07:51Z/

url

https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170907-struts2

reference_url

https://web.archive.org/web/20170909031344/http://www.securityfocus.com/bid/100609

reference_id

reference_type

scores

value	8.1
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:H

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://web.archive.org/web/20170909031344/http://www.securityfocus.com/bid/100609

reference_url

https://web.archive.org/web/20170922053119/http://www.securitytracker.com/id/1039263

reference_id

reference_type

scores

value	8.1
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:H

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://web.archive.org/web/20170922053119/http://www.securitytracker.com/id/1039263

reference_url

https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2017-9805

reference_id

reference_type

scores

value	8.1
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:H

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2017-9805

reference_url

https://www.exploit-db.com/exploits/42627

reference_id

reference_type

scores

value	8.1
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:H

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://www.exploit-db.com/exploits/42627

reference_url

https://www.exploit-db.com/exploits/42627/

reference_id

reference_type

scores

value	8.1
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H

value	Attend
scoring_system	ssvc
scoring_elements	SSVCv2/E:A/A:N/T:T/P:M/B:A/M:M/D:A/2025-02-06T21:07:51Z/

url

https://www.exploit-db.com/exploits/42627/

reference_url

https://www.kb.cert.org/vuls/id/112992

reference_id

reference_type

scores

value	8.1
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H

value	8.1
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:H

value	HIGH
scoring_system	generic_textual
scoring_elements

value	Attend
scoring_system	ssvc
scoring_elements	SSVCv2/E:A/A:N/T:T/P:M/B:A/M:M/D:A/2025-02-06T21:07:51Z/

url

https://www.kb.cert.org/vuls/id/112992

reference_url

http://www.oracle.com/technetwork/security-advisory/alert-cve-2017-9805-3889403.html

reference_id

reference_type

scores

value	8.1
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:H

value	8.1
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H

value	HIGH
scoring_system	generic_textual
scoring_elements

value	Attend
scoring_system	ssvc
scoring_elements	SSVCv2/E:A/A:N/T:T/P:M/B:A/M:M/D:A/2025-02-06T21:07:51Z/

url

http://www.oracle.com/technetwork/security-advisory/alert-cve-2017-9805-3889403.html

reference_url

http://www.securityfocus.com/bid/100609

reference_id

reference_type

scores

value	8.1
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H

value	8.1
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:H

value	HIGH
scoring_system	generic_textual
scoring_elements

value	Attend
scoring_system	ssvc
scoring_elements	SSVCv2/E:A/A:N/T:T/P:M/B:A/M:M/D:A/2025-02-06T21:07:51Z/

url

http://www.securityfocus.com/bid/100609

reference_url

http://www.securitytracker.com/id/1039263

reference_id

reference_type

scores

value	8.1
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H

value	8.1
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:H

value	HIGH
scoring_system	generic_textual
scoring_elements

value	Attend
scoring_system	ssvc
scoring_elements	SSVCv2/E:A/A:N/T:T/P:M/B:A/M:M/D:A/2025-02-06T21:07:51Z/

url

http://www.securitytracker.com/id/1039263

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts::::::::
reference_id	cpe:2.3:a:apache:struts::::::::
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts::::::::

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:cisco:digital_media_manager:-:::::::*
reference_id	cpe:2.3:a:cisco:digital_media_manager:-:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:cisco:digital_media_manager:-:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:cisco:hosted_collaboration_solution:10.5\(1\):::::::*
reference_id	cpe:2.3:a:cisco:hosted_collaboration_solution:10.5\(1\):::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:cisco:hosted_collaboration_solution:10.5\(1\):::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:cisco:hosted_collaboration_solution:11.0\(1\):::::::*
reference_id	cpe:2.3:a:cisco:hosted_collaboration_solution:11.0\(1\):::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:cisco:hosted_collaboration_solution:11.0\(1\):::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:cisco:hosted_collaboration_solution:11.5\(1\):::::::*
reference_id	cpe:2.3:a:cisco:hosted_collaboration_solution:11.5\(1\):::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:cisco:hosted_collaboration_solution:11.5\(1\):::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:cisco:hosted_collaboration_solution:11.6\(1\):::::::*
reference_id	cpe:2.3:a:cisco:hosted_collaboration_solution:11.6\(1\):::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:cisco:hosted_collaboration_solution:11.6\(1\):::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:cisco:media_experience_engine:3.5:::::::*
reference_id	cpe:2.3:a:cisco:media_experience_engine:3.5:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:cisco:media_experience_engine:3.5:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:cisco:media_experience_engine:3.5.2:::::::*
reference_id	cpe:2.3:a:cisco:media_experience_engine:3.5.2:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:cisco:media_experience_engine:3.5.2:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:cisco:network_performance_analysis:-:::::::*
reference_id	cpe:2.3:a:cisco:network_performance_analysis:-:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:cisco:network_performance_analysis:-:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:cisco:video_distribution_suite_for_internet_streaming:-:::::::*
reference_id	cpe:2.3:a:cisco:video_distribution_suite_for_internet_streaming:-:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:cisco:video_distribution_suite_for_internet_streaming:-:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:netapp:oncommand_balance:-:::::::*
reference_id	cpe:2.3:a:netapp:oncommand_balance:-:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:netapp:oncommand_balance:-:::::::*

reference_url	https://access.redhat.com/security/cve/CVE-2017-9805
reference_id	CVE-2017-9805
reference_type
scores
url	https://access.redhat.com/security/cve/CVE-2017-9805

reference_url	https://gitlab.com/exploit-database/exploitdb/-/blob/main/exploits/linux/remote/42627.py
reference_id	CVE-2017-9805
reference_type	exploit
scores
url	https://gitlab.com/exploit-database/exploitdb/-/blob/main/exploits/linux/remote/42627.py

reference_url

https://nvd.nist.gov/vuln/detail/CVE-2017-9805

reference_id

CVE-2017-9805

reference_type

scores

value	6.8
scoring_system	cvssv2
scoring_elements	AV:N/AC:M/Au:N/C:P/I:P/A:P

value	8.1
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:H

value	8.1
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://nvd.nist.gov/vuln/detail/CVE-2017-9805

reference_url

https://github.com/advisories/GHSA-gg9m-fj3v-r58c

reference_id

GHSA-gg9m-fj3v-r58c

reference_type

scores

value	HIGH
scoring_system	cvssv3.1_qr
scoring_elements

url

https://github.com/advisories/GHSA-gg9m-fj3v-r58c

fixed_packages

url pkg:maven/org.apache.struts/struts2-rest-plugin@2.5.13

purl pkg:maven/org.apache.struts/struts2-rest-plugin@2.5.13

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-79j9-v8gz-rfax

vulnerability	VCID-bgbt-j1n9-6yg5

vulnerability	VCID-fy9j-w7r2-sugr

vulnerability	VCID-gfxq-vtry-bqgg

vulnerability	VCID-hgj2-vqzn-gyeb

vulnerability	VCID-hpm1-euf1-vff1

resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.struts/struts2-rest-plugin@2.5.13

aliases CVE-2017-9805, GHSA-gg9m-fj3v-r58c

risk_score 10.0

exploitability 2.0

weighted_severity 8.0

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-t1v1-vm43-sfhg

Fixing_vulnerabilities

Risk_score 10.0

Resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.struts/struts2-rest-plugin@2.5.10

Package Instance