CVE-2017-9791 Scanner
Detects 'Remote Code Execution (RCE)' vulnerability in Struts 1 plugin in Apache Struts affects v. 2.1.x and 2.3.x.
Short Info
Level
Critical
Type
Single Scan
Can be used by
Asset Owner
Estimated Time
15 sec
Scan only one
Url
Parent Category
CVE-2017-9791 Scanner Detail
Apache Struts is a popular framework for creating Java web applications. It provides developers with a wide range of tools to simplify the development process and build more secure and reliable applications. The Struts 1 plugin is a component of Apache Struts that allows developers to integrate legacy Struts 1 applications with new Struts 2 applications. This plugin provides backwards compatibility for older applications, allowing developers to take advantage of the new features and security enhancements in Struts 2 while still maintaining their existing applications.
The CVE-2017-9791 vulnerability is a serious security flaw in the Struts 1 plugin for Apache Struts. This vulnerability can be exploited by an attacker to execute arbitrary code on a target system by passing a malicious field value to the ActionMessage. This can be accomplished through a variety of methods, including sending a specially crafted request to a vulnerable application, or by injecting malicious code into a legitimate request.
If this vulnerability is exploited, it can lead to a wide range of consequences for the target system. Attackers may be able to access sensitive data, execute arbitrary code, or even take control of the system entirely. This can result in data breaches, system downtime, and other serious security issues.
Thanks to the pro features of the securityforeveryone.com platform, individuals and businesses can easily and quickly learn about vulnerabilities in their digital assets. By using this platform, they can stay informed about the latest security threats and take proactive steps to protect their systems. The platform offers a range of tools and resources, including vulnerability scanners, threat intelligence feeds, and expert analysis, to help users identify and mitigate security risks.
REFERENCES
- http://struts.apache.org/docs/s2-048.html
- http://www.oracle.com/technetwork/security-advisory/alert-cve-2017-9805-3889403.html
- http://www.securityfocus.com/bid/99484
- http://www.securitytracker.com/id/1038838
- https://security.netapp.com/advisory/ntap-20180706-0002/
- https://www.exploit-db.com/exploits/42324/
- https://www.exploit-db.com/exploits/44643/
control security posture