CVE-2017-9805CISA KEV: Actively Exploited

Apache Struts Deserialization of Untrusted Data Vulnerability

Published Nov 3, 2021·Updated Nov 3, 2021

Description

Apache Struts REST Plugin uses an XStreamHandler with an instance of XStream for deserialization without any type filtering, which can lead to remote code execution when deserializing XML payloads.

Public Exploits & PoCs18 found

PoC: struts-pwn_CVE-2017-9805

An exploit for Apache Struts CVE-2017-9805

247

PoC: struts-rce-cve-2017-9805

CVE 2017-9805

58

PoC: cve-2017-9805.py

Better Exploit Code For CVE 2017 9805 apache struts

22

PoC: -CVE-2017-9805

Exploit script for Apache Struts2 REST Plugin XStream RCE (‎CVE-2017-9805)

15

PoC: apache-struts-pwn_CVE-2017-9805

An exploit for Apache Struts CVE-2017-9805

5

PoC: struts2-rce-cve-2017-9805-ruby

cve -2017-9805

3

PoC: CVE-2017-9805-Exploit

CVE-2017-9805-Exploit

1

PoC: struts_rest_rce_fuzz-CVE-2017-9805-

Simple python script to fuzz site for CVE-2017-9805

1

PoC: S2-052

CVE-2017-9805 - Exploit

1

PoC: struts-s2-052-deserialization-rce-lab

Proof-of-Concept exploit for Apache Struts S2-052 (CVE-2017-9805) XML Deserialization Remote Code Execution. Created while solving the INE eWPTX Practice Range lab. Includes custom payloads, reverse shell exploit script, and step-by-step exploitation examples.

PoC: CVE-2017-9805-S2-052

CVE-2017-9805 S2-052 PoC

PoC: CVE-2017-9805

CVE-2017-9805: Apache Struts 2 S2-052 RCE Exploit - PoC for Harvard University (OTD)

PoC: CVE-2017-9805_example_build

Example web application that run on struts2 REST plugin 2.5.8, for demonstration purpose only

PoC: CVE-2017-9805

CVE-2017-9805 POC

PoC: CVE-2017-9805

struts2-rest-showcase 2.5.10

PoC: -CVE-2017-9805-

Exploit script for Apache Struts2 REST Plugin XStream RCE (‎CVE-2017-9805)

PoC: CVE-2017-9805-Exploit

Struts 2.5 - 2.5.12 REST Plugin XStream RCE

PoC: CVE-2017-9805-Apache-Struts-Fuzz-N-Sploit

A script to Fuzz and and exploit Apache struts CVE-2017-9805

References

View on NVD Search GitHub Search Google

Get alerted for CVEs like this

Register your stack and get notified within minutes when a matching CVE drops.

Start monitoring free