CVE-2017-9791
- Source
- https://cve.org/CVERecord?id=CVE-2017-9791
- Import Source
- https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2017-9791.json
- JSON Data
- https://api.test.osv.dev/v1/vulns/CVE-2017-9791
- Aliases
- Published
- 2017-07-10T16:29:00.277Z
- Modified
- 2026-03-20T11:22:46.504437Z
- Severity
-
- 9.8 (Critical) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H CVSS Calculator
- Summary
- [none]
- Details
-
The Struts 1 plugin in Apache Struts 2.1.x and 2.3.x might allow remote code execution via a malicious field value passed in a raw message to the ActionMessage.
- References
-
- https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2017-9791
- http://struts.apache.org/docs/s2-048.html
- http://www.securityfocus.com/bid/99484
- http://www.securitytracker.com/id/1038838
- https://security.netapp.com/advisory/ntap-20180706-0002/
- https://www.exploit-db.com/exploits/42324/
- https://www.exploit-db.com/exploits/44643/
- http://www.oracle.com/technetwork/security-advisory/alert-cve-2017-9805-3889403.html
Affected packages
Git / github.com/apache/struts
Affected ranges
- Type
- GIT
- Repo
- https://github.com/apache/struts
- Events
-
Introduced0 Unknown introduced commit / All previous commits are affectedLast affectedIntroduced0 Unknown introduced commit / All previous commits are affectedLast affectedIntroduced0 Unknown introduced commit / All previous commits are affectedLast affectedIntroduced0 Unknown introduced commit / All previous commits are affectedLast affectedIntroduced0 Unknown introduced commit / All previous commits are affectedLast affectedIntroduced0 Unknown introduced commit / All previous commits are affectedLast affectedIntroduced0 Unknown introduced commit / All previous commits are affectedLast affectedIntroduced0 Unknown introduced commit / All previous commits are affectedLast affectedIntroduced0 Unknown introduced commit / All previous commits are affectedLast affectedIntroduced0 Unknown introduced commit / All previous commits are affectedLast affectedIntroduced0 Unknown introduced commit / All previous commits are affectedLast affectedIntroduced0 Unknown introduced commit / All previous commits are affectedLast affectedIntroduced0 Unknown introduced commit / All previous commits are affectedLast affectedIntroduced0 Unknown introduced commit / All previous commits are affectedLast affectedIntroduced0 Unknown introduced commit / All previous commits are affectedLast affectedIntroduced0 Unknown introduced commit / All previous commits are affectedLast affectedIntroduced0 Unknown introduced commit / All previous commits are affectedLast affectedIntroduced0 Unknown introduced commit / All previous commits are affectedLast affectedIntroduced0 Unknown introduced commit / All previous commits are affectedLast affectedIntroduced0 Unknown introduced commit / All previous commits are affectedLast affectedIntroduced0 Unknown introduced commit / All previous commits are affectedLast affectedIntroduced0 Unknown introduced commit / All previous commits are affectedLast affectedIntroduced0 Unknown introduced commit / All previous commits are affectedLast affectedIntroduced0 Unknown introduced commit / All previous commits are affectedLast affectedIntroduced0 Unknown introduced commit / All previous commits are affectedLast affectedIntroduced0 Unknown introduced commit / All previous commits are affectedLast affectedIntroduced0 Unknown introduced commit / All previous commits are affectedLast affectedIntroduced0 Unknown introduced commit / All previous commits are affectedLast affectedIntroduced0 Unknown introduced commit / All previous commits are affectedLast affectedIntroduced0 Unknown introduced commit / All previous commits are affectedLast affectedIntroduced0 Unknown introduced commit / All previous commits are affectedLast affectedIntroduced0 Unknown introduced commit / All previous commits are affectedLast affectedIntroduced0 Unknown introduced commit / All previous commits are affectedLast affected
- Database specific
{ "versions": [ { "introduced": "0" }, { "last_affected": "2.3.1" }, { "introduced": "0" }, { "last_affected": "2.3.1.1" }, { "introduced": "0" }, { "last_affected": "2.3.1.2" }, { "introduced": "0" }, { "last_affected": "2.3.3" }, { "introduced": "0" }, { "last_affected": "2.3.4" }, { "introduced": "0" }, { "last_affected": "2.3.4.1" }, { "introduced": "0" }, { "last_affected": "2.3.7" }, { "introduced": "0" }, { "last_affected": "2.3.8" }, { "introduced": "0" }, { "last_affected": "2.3.12" }, { "introduced": "0" }, { "last_affected": "2.3.14" }, { "introduced": "0" }, { "last_affected": "2.3.14.1" }, { "introduced": "0" }, { "last_affected": "2.3.14.2" }, { "introduced": "0" }, { "last_affected": "2.3.14.3" }, { "introduced": "0" }, { "last_affected": "2.3.15" }, { "introduced": "0" }, { "last_affected": "2.3.15.1" }, { "introduced": "0" }, { "last_affected": "2.3.15.2" }, { "introduced": "0" }, { "last_affected": "2.3.15.3" }, { "introduced": "0" }, { "last_affected": "2.3.16" }, { "introduced": "0" }, { "last_affected": "2.3.16.1" }, { "introduced": "0" }, { "last_affected": "2.3.16.2" }, { "introduced": "0" }, { "last_affected": "2.3.16.3" }, { "introduced": "0" }, { "last_affected": "2.3.20" }, { "introduced": "0" }, { "last_affected": "2.3.20.1" }, { "introduced": "0" }, { "last_affected": "2.3.20.3" }, { "introduced": "0" }, { "last_affected": "2.3.24" }, { "introduced": "0" }, { "last_affected": "2.3.24.1" }, { "introduced": "0" }, { "last_affected": "2.3.24.3" }, { "introduced": "0" }, { "last_affected": "2.3.28" }, { "introduced": "0" }, { "last_affected": "2.3.28.1" }, { "introduced": "0" }, { "last_affected": "2.3.29" }, { "introduced": "0" }, { "last_affected": "2.3.30" }, { "introduced": "0" }, { "last_affected": "2.3.31" }, { "introduced": "0" }, { "last_affected": "2.3.32" } ] }