{ "affected": [ { "ranges": [ { "database_specific": { "versions": [ { "introduced": "0" }, { "last_affected": "2.3.7" }, { "introduced": "0" }, { "last_affected": "2.3.8" }, { "introduced": "0" }, { "last_affected": "2.3.9" }, { "introduced": "0" }, { "last_affected": "2.3.10" }, { "introduced": "0" }, { "last_affected": "2.3.11" }, { "introduced": "0" }, { "last_affected": "2.3.12" }, { "introduced": "0" }, { "last_affected": "2.3.13" }, { "introduced": "0" }, { "last_affected": "2.3.14" }, { "introduced": "0" }, { "last_affected": "2.3.14.1" }, { "introduced": "0" }, { "last_affected": "2.3.14.2" }, { "introduced": "0" }, { "last_affected": "2.3.14.3" }, { "introduced": "0" }, { "last_affected": "2.3.15" }, { "introduced": "0" }, { "last_affected": "2.3.15.1" }, { "introduced": "0" }, { "last_affected": "2.3.15.2" }, { "introduced": "0" }, { "last_affected": "2.3.15.3" }, { "introduced": "0" }, { "last_affected": "2.3.16" }, { "introduced": "0" }, { "last_affected": "2.3.16.1" }, { "introduced": "0" }, { "last_affected": "2.3.16.2" }, { "introduced": "0" }, { "last_affected": "2.3.16.3" }, { "introduced": "0" }, { "last_affected": "2.3.17" }, { "introduced": "0" }, { "last_affected": "2.3.19" }, { "introduced": "0" }, { "last_affected": "2.3.20" }, { "introduced": "0" }, { "last_affected": "2.3.20.1" }, { "introduced": "0" }, { "last_affected": "2.3.20.2" }, { "introduced": "0" }, { "last_affected": "2.3.21" }, { "introduced": "0" }, { "last_affected": "2.3.22" }, { "introduced": "0" }, { "last_affected": "2.3.23" }, { "introduced": "0" }, { "last_affected": "2.3.24.2" }, { "introduced": "0" }, { "last_affected": "2.3.24.3" }, { "introduced": "0" }, { "last_affected": "2.3.25" }, { "introduced": "0" }, { "last_affected": "2.3.26" }, { "introduced": "0" }, { "last_affected": "2.3.27" }, { "introduced": "0" }, { "last_affected": "2.3.28" }, { "introduced": "0" }, { "last_affected": "2.3.28.1" }, { "introduced": "0" }, { "last_affected": "2.3.29" }, { "introduced": "0" }, { "last_affected": "2.3.30" }, { "introduced": "0" }, { "last_affected": "2.3.31" }, { "introduced": "0" }, { "last_affected": "2.3.32" }, { "introduced": "0" }, { "last_affected": "2.3.33" }, { "introduced": "0" }, { "last_affected": "2.5" }, { "introduced": "0" }, { "last_affected": "2.5-beta1" }, { "introduced": "0" }, { "last_affected": "2.5-beta2" }, { "introduced": "0" }, { "last_affected": "2.5-beta3" }, { "introduced": "0" }, { "last_affected": "2.5.1" }, { "introduced": "0" }, { "last_affected": "2.5.2" }, { "introduced": "0" }, { "last_affected": "2.5.3" }, { "introduced": "0" }, { "last_affected": "2.5.4" }, { "introduced": "0" }, { "last_affected": "2.5.5" }, { "introduced": "0" }, { "last_affected": "2.5.6" }, { "introduced": "0" }, { "last_affected": "2.5.7" }, { "introduced": "0" }, { "last_affected": "2.5.8" }, { "introduced": "0" }, { "last_affected": "2.5.9" }, { "introduced": "0" }, { "last_affected": "2.5.10" }, { "introduced": "0" }, { "last_affected": "2.5.10.1" }, { "introduced": "0" }, { "last_affected": "2.5.12" } ] }, "events": [ { "introduced": "0" }, { "last_affected": "28297863aee4d747638ce5b6f22262ac6a118ae0" }, { "introduced": "0" }, { "last_affected": "b2fe62824eebd213625d23378b5307dcb1b82c77" }, { "introduced": "0" }, { "last_affected": "bef7211c41e7b0df9ff2740c0d4843f5b7a43266" }, { "introduced": "0" }, { "last_affected": "f706c2fb2f48cba9bdb67e0ab806eb3cdeba25aa" }, { "introduced": "0" }, { "last_affected": "95814f0fa018ee284fb2c79710681a63dc5ee705" }, { "introduced": "0" }, { "last_affected": "f15f28a1766fe991de85c8cd089b102f77915319" }, { "introduced": "0" }, { "last_affected": "6d3be1df385939526545714435f6c16fa3dc3d94" }, { "introduced": "0" }, { "last_affected": "9df00b0a864fac2e763b7c26ba99af057202f0f3" }, { "introduced": "0" }, { "last_affected": "fc3df96990bafdecc6f3a89cf7a4dcf15066c687" }, { "introduced": "0" }, { "last_affected": "f0c159d871ee741e0cc74fe858cc7be79841078c" }, { "introduced": "0" }, { "last_affected": "a72c1f4262a57bfe2819c6def81620d02d7867fb" }, { "introduced": "0" }, { "last_affected": "bc6094eece7dfa65e7439cd018d58e85c5d41e47" }, { "introduced": "0" }, { "last_affected": "8931ac19ea504a167f4d0c8e57ccc8f7f09f4135" }, { "introduced": "0" }, { "last_affected": "fd206c1386cc113e3f5b52fbc5b2f15a458b31b4" }, { "introduced": "0" }, { "last_affected": "3565f4d4f5c4c85a1ffab9e6169c86527aa6f4c7" }, { "introduced": "0" }, { "last_affected": "402374de33146e1c0401a247e0779e290cb0c078" }, { "introduced": "0" }, { "last_affected": "6cddee6fc539429544b28a96361a8af7a0691108" }, { "introduced": "0" }, { "last_affected": "7dd83dff485d324980f3d22c726cfd969ecf41f8" }, { "introduced": "0" }, { "last_affected": "e03ff728618f5bf551083fc3a52d43c07434bbc9" }, { "introduced": "0" }, { "last_affected": "7908a88a405458869f61ecff4b775429724a3ea4" }, { "introduced": "0" }, { "last_affected": "0032390ee89749c8dc55ac76f44900697aa0c713" }, { "introduced": "0" }, { "last_affected": "0320310406f6b11cfd235d7a9b866cf1de483a1e" }, { "introduced": "0" }, { "last_affected": "a9974eec5689a7113a6fb1e2096252f0935064dd" }, { "introduced": "0" }, { "last_affected": "d793648069386ce90fc9eae31e119de1a675f15a" }, { "introduced": "0" }, { "last_affected": "a40e9a90bf8b5039728ff312852991e7d580bff4" }, { "introduced": "0" }, { "last_affected": "22573f8de8b33ead0fee88eb67817985464218bb" }, { "introduced": "0" }, { "last_affected": "d469fffed912764f7af2da861319815d088a66e8" }, { "introduced": "0" }, { "last_affected": "a6e72347d2179a6d1a84acc0db54615c6f4b274c" }, { "introduced": "0" }, { "last_affected": "36b6fff05cd4a17f75b091c0edd52e0c1e65ec06" }, { "introduced": "0" }, { "last_affected": "8ca0f2fc464f592fa95d8435d0924c3b9da981ef" }, { "introduced": "0" }, { "last_affected": "013077abcb8d450d7313fb9fc766fe45f0b6f9c5" }, { "introduced": "0" }, { "last_affected": "8a59ed02c958db9213f0e54d816882a902891761" }, { "introduced": "0" }, { "last_affected": "0ac8932aa3a1b28a8f950863c17165cdc63b1474" }, { "introduced": "0" }, { "last_affected": "2cf0a7efeb12c8f476e31324dc56456b340ddeab" }, { "introduced": "0" }, { "last_affected": "bb22c585b5b52967fab033dba02cd244cd5b5b7a" }, { "introduced": "0" }, { "last_affected": "5c61c9a5752109a00ccdadbce3d4adb681f82c9a" }, { "introduced": "0" }, { "last_affected": "de90290354a1c6c819687305e053232bc8a4a697" }, { "introduced": "0" }, { "last_affected": "1ed29d508fc0a3762ad7d16336a71adcf69bd88d" }, { "introduced": "0" }, { "last_affected": "631ce98d171b1c7adb680b41a0303c61a81678fd" }, { "introduced": "0" }, { "last_affected": "4bee55fee30086c786d09503125a2b1c2ae8dcfa" }, { "introduced": "0" }, { "last_affected": "2a37a2e32db6d6905de48e04f71d995f41055827" }, { "introduced": "0" }, { "last_affected": "56ae397d75430dc63fd68b0bfb36afbac1226023" }, { "introduced": "0" }, { "last_affected": "9a63e6504b2d246573ff1483d45d9b12a49aa9c6" }, { "introduced": "0" }, { "last_affected": "e8aa825f21fc951418f0cfa770d32762a4a83664" }, { "introduced": "0" }, { "last_affected": "17e14ef42bcf1182c2985f2a25543cf4e88235e2" }, { "introduced": "0" }, { "last_affected": "c6a0ea2dcd6ea94bf551ed200955724013c34d3b" }, { "introduced": "0" }, { "last_affected": "12cc861875665e19c9d72a131f606a9b855b5c80" }, { "introduced": "0" }, { "last_affected": "f2348e53cbdf8ad7d9c28c66dc6fefe2c5718636" }, { "introduced": "0" }, { "last_affected": "31a0768da35bb762db93e7931cadb8552f206a56" }, { "introduced": "0" }, { "last_affected": "5054ff469a416a1fd1331389e48aca6d22eef28f" }, { "introduced": "0" }, { "last_affected": "4281e31864e0f2e0bffc0e537dc9c6e40604aec0" }, { "introduced": "0" }, { "last_affected": "ee27b6604a6e703ab5e802afa93ac43915d4373f" }, { "introduced": "0" }, { "last_affected": "f0f4e9ece77000e0eb0071bf233ed4b9bc9c8205" }, { "introduced": "0" }, { "last_affected": "376a891aeed6157d5621f9a9101d91be60f57b01" }, { "introduced": "0" }, { "last_affected": "ee74aea445883ff5ee235190722aa0fb04640a2e" } ], "repo": "https://github.com/apache/struts", "type": "GIT" } ] } ], "details": "The REST Plugin in Apache Struts 2.1.x, 2.3.7 through 2.3.33 and 2.5 through 2.5.12 is using an outdated XStream library which is vulnerable and allow perform a DoS attack using malicious request with specially crafted XML payload.", "id": "CVE-2017-9793", "modified": "2026-03-15T13:46:10.347864393Z", "published": "2017-09-20T17:29:00.573Z", "references": [ { "type": "ADVISORY", "url": "http://www.brocade.com/content/dam/common/documents/content-types/security-bulletin/brocade-security-advisory-2017-429.htm" }, { "type": "ADVISORY", "url": "http://www.securityfocus.com/bid/100611" }, { "type": "ADVISORY", "url": "http://www.securitytracker.com/id/1039262" }, { "type": "ADVISORY", "url": "https://security.netapp.com/advisory/ntap-20180629-0001/" }, { "type": "ADVISORY", "url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170907-struts2" }, { "type": "FIX", "url": "http://www.oracle.com/technetwork/security-advisory/alert-cve-2017-9805-3889403.html" }, { "type": "FIX", "url": "https://struts.apache.org/docs/s2-051.html" } ], "severity": [ { "score": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "type": "CVSS_V3" } ] }