CVE-2017-9787
Summary
| CVE | CVE-2017-9787 |
|---|---|
| State | PUBLIC |
| Assigner | [email protected] |
| Source Priority | CVE Program / NVD first with legacy fallback |
| Published | 2017-07-13 15:29:00 UTC |
| Updated | 2023-11-07 02:50:00 UTC |
| Description | When using a Spring AOP functionality to secure Struts actions it is possible to perform a DoS attack. Solution is to upgrade to Apache Struts version 2.5.12 or 2.3.33. |
Risk And Classification
Problem Types: NVD-CWE-noinfo
NVD Known Affected Configurations (CPE 2.3)
| Type | Vendor | Product | Version | Update | Edition | Language |
|---|---|---|---|---|---|---|
| Application | Apache | Struts | 2.3.10 | All | All | All |
| Application | Apache | Struts | 2.3.11 | All | All | All |
| Application | Apache | Struts | 2.3.12 | All | All | All |
| Application | Apache | Struts | 2.3.13 | All | All | All |
| Application | Apache | Struts | 2.3.14 | All | All | All |
| Application | Apache | Struts | 2.3.14.1 | All | All | All |
| Application | Apache | Struts | 2.3.14.2 | All | All | All |
| Application | Apache | Struts | 2.3.14.3 | All | All | All |
| Application | Apache | Struts | 2.3.15 | All | All | All |
| Application | Apache | Struts | 2.3.15.1 | All | All | All |
| Application | Apache | Struts | 2.3.15.2 | All | All | All |
| Application | Apache | Struts | 2.3.15.3 | All | All | All |
| Application | Apache | Struts | 2.3.16 | All | All | All |
| Application | Apache | Struts | 2.3.16.1 | All | All | All |
| Application | Apache | Struts | 2.3.16.2 | All | All | All |
| Application | Apache | Struts | 2.3.16.3 | All | All | All |
| Application | Apache | Struts | 2.3.17 | All | All | All |
| Application | Apache | Struts | 2.3.19 | All | All | All |
| Application | Apache | Struts | 2.3.20 | All | All | All |
| Application | Apache | Struts | 2.3.20.1 | All | All | All |
| Application | Apache | Struts | 2.3.20.2 | All | All | All |
| Application | Apache | Struts | 2.3.20.3 | All | All | All |
| Application | Apache | Struts | 2.3.21 | All | All | All |
| Application | Apache | Struts | 2.3.22 | All | All | All |
| Application | Apache | Struts | 2.3.23 | All | All | All |
| Application | Apache | Struts | 2.3.24 | All | All | All |
| Application | Apache | Struts | 2.3.24.1 | All | All | All |
| Application | Apache | Struts | 2.3.24.2 | All | All | All |
| Application | Apache | Struts | 2.3.24.3 | All | All | All |
| Application | Apache | Struts | 2.3.25 | All | All | All |
| Application | Apache | Struts | 2.3.26 | All | All | All |
| Application | Apache | Struts | 2.3.27 | All | All | All |
| Application | Apache | Struts | 2.3.28 | All | All | All |
| Application | Apache | Struts | 2.3.28.1 | All | All | All |
| Application | Apache | Struts | 2.3.29 | All | All | All |
| Application | Apache | Struts | 2.3.30 | All | All | All |
| Application | Apache | Struts | 2.3.31 | All | All | All |
| Application | Apache | Struts | 2.3.32 | All | All | All |
| Application | Apache | Struts | 2.3.7 | All | All | All |
| Application | Apache | Struts | 2.3.8 | All | All | All |
| Application | Apache | Struts | 2.3.9 | All | All | All |
| Application | Apache | Struts | 2.5 | All | All | All |
| Application | Apache | Struts | 2.5.1 | All | All | All |
| Application | Apache | Struts | 2.5.10 | All | All | All |
| Application | Apache | Struts | 2.5.10.1 | All | All | All |
| Application | Apache | Struts | 2.5.2 | All | All | All |
| Application | Apache | Struts | 2.5.3 | All | All | All |
| Application | Apache | Struts | 2.5.4 | All | All | All |
| Application | Apache | Struts | 2.5.5 | All | All | All |
| Application | Apache | Struts | 2.5.6 | All | All | All |
| Application | Apache | Struts | 2.5.7 | All | All | All |
| Application | Apache | Struts | 2.5.8 | All | All | All |
| Application | Apache | Struts | 2.5.9 | All | All | All |
| Application | Apache | Struts | 2.3.10 | All | All | All |
| Application | Apache | Struts | 2.3.11 | All | All | All |
| Application | Apache | Struts | 2.3.12 | All | All | All |
| Application | Apache | Struts | 2.3.13 | All | All | All |
| Application | Apache | Struts | 2.3.14 | All | All | All |
| Application | Apache | Struts | 2.3.14.1 | All | All | All |
| Application | Apache | Struts | 2.3.14.2 | All | All | All |
| Application | Apache | Struts | 2.3.14.3 | All | All | All |
| Application | Apache | Struts | 2.3.15 | All | All | All |
| Application | Apache | Struts | 2.3.15.1 | All | All | All |
| Application | Apache | Struts | 2.3.15.2 | All | All | All |
| Application | Apache | Struts | 2.3.15.3 | All | All | All |
| Application | Apache | Struts | 2.3.16 | All | All | All |
| Application | Apache | Struts | 2.3.16.1 | All | All | All |
| Application | Apache | Struts | 2.3.16.2 | All | All | All |
| Application | Apache | Struts | 2.3.16.3 | All | All | All |
| Application | Apache | Struts | 2.3.17 | All | All | All |
| Application | Apache | Struts | 2.3.19 | All | All | All |
| Application | Apache | Struts | 2.3.20 | All | All | All |
| Application | Apache | Struts | 2.3.20.1 | All | All | All |
| Application | Apache | Struts | 2.3.20.2 | All | All | All |
| Application | Apache | Struts | 2.3.20.3 | All | All | All |
| Application | Apache | Struts | 2.3.21 | All | All | All |
| Application | Apache | Struts | 2.3.22 | All | All | All |
| Application | Apache | Struts | 2.3.23 | All | All | All |
| Application | Apache | Struts | 2.3.24 | All | All | All |
| Application | Apache | Struts | 2.3.24.1 | All | All | All |
| Application | Apache | Struts | 2.3.24.2 | All | All | All |
| Application | Apache | Struts | 2.3.24.3 | All | All | All |
| Application | Apache | Struts | 2.3.25 | All | All | All |
| Application | Apache | Struts | 2.3.26 | All | All | All |
| Application | Apache | Struts | 2.3.27 | All | All | All |
| Application | Apache | Struts | 2.3.28 | All | All | All |
| Application | Apache | Struts | 2.3.28.1 | All | All | All |
| Application | Apache | Struts | 2.3.29 | All | All | All |
| Application | Apache | Struts | 2.3.30 | All | All | All |
| Application | Apache | Struts | 2.3.31 | All | All | All |
| Application | Apache | Struts | 2.3.32 | All | All | All |
| Application | Apache | Struts | 2.3.7 | All | All | All |
| Application | Apache | Struts | 2.3.8 | All | All | All |
| Application | Apache | Struts | 2.3.9 | All | All | All |
| Application | Apache | Struts | 2.5 | All | All | All |
| Application | Apache | Struts | 2.5.1 | All | All | All |
| Application | Apache | Struts | 2.5.10 | All | All | All |
| Application | Apache | Struts | 2.5.10.1 | All | All | All |
| Application | Apache | Struts | 2.5.2 | All | All | All |
| Application | Apache | Struts | 2.5.3 | All | All | All |
| Application | Apache | Struts | 2.5.4 | All | All | All |
| Application | Apache | Struts | 2.5.5 | All | All | All |
| Application | Apache | Struts | 2.5.6 | All | All | All |
| Application | Apache | Struts | 2.5.7 | All | All | All |
| Application | Apache | Struts | 2.5.8 | All | All | All |
| Application | Apache | Struts | 2.5.9 | All | All | All |
References
| Reference | Source | Link | Tags |
|---|---|---|---|
| Pony Mail! | lists.apache.org | ||
| Apache Struts Spring AOP Flaw Lets Remote Users Deny Service - SecurityTracker | SECTRACK | www.securitytracker.com | |
| Oracle Security Alert CVE-2017-9805 | CONFIRM | www.oracle.com | |
| Pony Mail! | lists.apache.org | ||
| Malformed Request | BID | www.securityfocus.com | Third Party Advisory, VDB Entry |
| July 2017 Apache Struts Vulnerabilities in NetApp Products | NetApp Product Security | CONFIRM | security.netapp.com | |
| Pony Mail! | MLIST | lists.apache.org | Mailing List, Vendor Advisory |
| S2-049 - Apache Struts 2 Documentation - Apache Software Foundation | CONFIRM | struts.apache.org | Vendor Advisory |
| Pony Mail! | MLIST | lists.apache.org | Mailing List, Third Party Advisory |
| CVE Program record | CVE.ORG | www.cve.org | canonical |
| NVD vulnerability detail | NVD | nvd.nist.gov | canonical, analysis |
No vendor comments have been submitted for this CVE.
Legacy QID Mappings
- 981191 Java (maven) Security Update for org.apache.struts:struts2-core (GHSA-8mr5-h28g-36qx)