CVE-2017-9787

See a problem?
Please try reporting it to the source first.
Source
https://cve.org/CVERecord?id=CVE-2017-9787
Import Source
https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2017-9787.json
JSON Data
https://api.test.osv.dev/v1/vulns/CVE-2017-9787
Aliases
Published
2017-07-13T15:29:00.393Z
Modified
2025-11-14T05:22:53.160396Z
Severity
  • 7.5 (High) CVSS_V3 - CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H CVSS Calculator
Summary
[none]
Details

When using a Spring AOP functionality to secure Struts actions it is possible to perform a DoS attack. Solution is to upgrade to Apache Struts version 2.5.12 or 2.3.33.

References

Affected packages

Git / github.com/apache/struts

Affected ranges

Type
GIT
Repo
https://github.com/apache/struts
Events
Introduced
0 Unknown introduced commit / All previous commits are affected
Last affected
0032390ee89749c8dc55ac76f44900697aa0c713
Last affected
013077abcb8d450d7313fb9fc766fe45f0b6f9c5
Last affected
0320310406f6b11cfd235d7a9b866cf1de483a1e
Last affected
0ac8932aa3a1b28a8f950863c17165cdc63b1474
Last affected
12cc861875665e19c9d72a131f606a9b855b5c80
Last affected
17e14ef42bcf1182c2985f2a25543cf4e88235e2
Last affected
1ed29d508fc0a3762ad7d16336a71adcf69bd88d
Last affected
22573f8de8b33ead0fee88eb67817985464218bb
Last affected
28297863aee4d747638ce5b6f22262ac6a118ae0
Last affected
2cf0a7efeb12c8f476e31324dc56456b340ddeab
Last affected
31a0768da35bb762db93e7931cadb8552f206a56
Last affected
3565f4d4f5c4c85a1ffab9e6169c86527aa6f4c7
Last affected
36b6fff05cd4a17f75b091c0edd52e0c1e65ec06
Last affected
376a891aeed6157d5621f9a9101d91be60f57b01
Last affected
402374de33146e1c0401a247e0779e290cb0c078
Last affected
4281e31864e0f2e0bffc0e537dc9c6e40604aec0
Last affected
4bee55fee30086c786d09503125a2b1c2ae8dcfa
Last affected
5054ff469a416a1fd1331389e48aca6d22eef28f
Last affected
5c61c9a5752109a00ccdadbce3d4adb681f82c9a
Last affected
6cddee6fc539429544b28a96361a8af7a0691108
Last affected
6d3be1df385939526545714435f6c16fa3dc3d94
Last affected
7908a88a405458869f61ecff4b775429724a3ea4
Last affected
7a9863169f7d981be0d2d57437974ae2cc0c8bd3
Last affected
7dd83dff485d324980f3d22c726cfd969ecf41f8
Last affected
8931ac19ea504a167f4d0c8e57ccc8f7f09f4135
Last affected
8a59ed02c958db9213f0e54d816882a902891761
Last affected
8ca0f2fc464f592fa95d8435d0924c3b9da981ef
Last affected
925741ad1e8e48c7a6d687fe02d3fdb6386eb64c
Last affected
95814f0fa018ee284fb2c79710681a63dc5ee705
Last affected
9df00b0a864fac2e763b7c26ba99af057202f0f3
Last affected
a40e9a90bf8b5039728ff312852991e7d580bff4
Last affected
a6e72347d2179a6d1a84acc0db54615c6f4b274c
Last affected
a72c1f4262a57bfe2819c6def81620d02d7867fb
Last affected
a9974eec5689a7113a6fb1e2096252f0935064dd
Last affected
b2fe62824eebd213625d23378b5307dcb1b82c77
Last affected
bb22c585b5b52967fab033dba02cd244cd5b5b7a
Last affected
bbbf43ec59e7bef3b07e9065dc9784c18a95d58b
Last affected
bc6094eece7dfa65e7439cd018d58e85c5d41e47
Last affected
bef7211c41e7b0df9ff2740c0d4843f5b7a43266
Last affected
c6a0ea2dcd6ea94bf551ed200955724013c34d3b
Last affected
d469fffed912764f7af2da861319815d088a66e8
Last affected
d793648069386ce90fc9eae31e119de1a675f15a
Last affected
de90290354a1c6c819687305e053232bc8a4a697
Last affected
e03ff728618f5bf551083fc3a52d43c07434bbc9
Last affected
e8aa825f21fc951418f0cfa770d32762a4a83664
Last affected
ee27b6604a6e703ab5e802afa93ac43915d4373f
Last affected
f0c159d871ee741e0cc74fe858cc7be79841078c
Last affected
f0f4e9ece77000e0eb0071bf233ed4b9bc9c8205
Last affected
f15f28a1766fe991de85c8cd089b102f77915319
Last affected
f2348e53cbdf8ad7d9c28c66dc6fefe2c5718636
Last affected
f706c2fb2f48cba9bdb67e0ab806eb3cdeba25aa
Last affected
fc3df96990bafdecc6f3a89cf7a4dcf15066c687
Last affected
fd206c1386cc113e3f5b52fbc5b2f15a458b31b4

Affected versions

Other

STRUTS_2_2_1
STRUTS_2_3_14
STRUTS_2_3_16_1
STRUTS_2_3_16_2
STRUTS_2_3_16_3
STRUTS_2_3_17
STRUTS_2_3_19

Database specific

source

"https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2017-9787.json"