AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H

CWE-502

http://www.oracle.com/technetwork/security-advisory/alert-cve-2017-9805-3889403.html

http://www.securityfocus.com/bid/100609

http://www.securitytracker.com/id/1039263

https://blogs.apache.org/foundation/entry/apache-struts-statement-on-equifax

https://bugzilla.redhat.com/show_bug.cgi?id=1488482

https://cwiki.apache.org/confluence/display/WW/S2-052

https://lgtm.com/blog/apache_struts_CVE-2017-9805

https://security.netapp.com/advisory/ntap-20170907-0001/

https://struts.apache.org/docs/s2-052.html

https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170907-struts2

https://www.exploit-db.com/exploits/42627/

https://www.kb.cert.org/vuls/id/112992

NIST AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H

NIST AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H

OR
     *cpe:2.3:a:apache:struts:2.1.2:*:*:*:*:*:*:*
     *cpe:2.3:a:apache:struts:2.1.3:*:*:*:*:*:*:*
     *cpe:2.3:a:apache:struts:2.1.4:*:*:*:*:*:*:*
     *cpe:2.3:a:apache:struts:2.1.5:*:*:*:*:*:*:*
     *cpe:2.3:a:apache:struts:2.1.6:*:*:*:*:*:*:*
     *cpe:2.3:a:apache:struts:2.1.8:*:*:*:*:*:*:*
     *cpe:2.3:a:apache:struts:2.1.8.1:*:*:*:*:*:*:*
     *cpe:2.3:a:apache:struts:2.2.1:*:*:*:*:*:*:*
     *cpe:2.3:a:apache:struts:2.2.1.1:*:*:*:*:*:*:*
     *cpe:2.3:a:apache:struts:2.2.3:*:*:*:*

OR
     *cpe:2.3:a:apache:struts:*:*:*:*:*:*:*:* versions from (including) 2.1.2 up to (excluding) 2.3.34
     *cpe:2.3:a:apache:struts:*:*:*:*:*:*:*:* versions from (including) 2.5.0 up to (excluding) 2.5.13

OR
     *cpe:2.3:a:cisco:digital_media_manager:-:*:*:*:*:*:*:*
     *cpe:2.3:a:cisco:hosted_collaboration_solution:10.5\(1\):*:*:*:*:*:*:*
     *cpe:2.3:a:cisco:hosted_collaboration_solution:11.0\(1\):*:*:*:*:*:*:*
     *cpe:2.3:a:cisco:hosted_collaboration_solution:11.5\(1\):*:*:*:*:*:*:*
     *cpe:2.3:a:cisco:hosted_collaboration_solution:11.6\(1\):*:*:*:*:*:*:*
     *cpe:2.3:a:cisco:media_experience_engine:3.5:*:*:*:*:*:*:*
     *cpe:2.3:a:cisco:media_experience_engine:3.5.2:*:*:*:*:*:*:*
   

OR
     *cpe:2.3:a:netapp:oncommand_balance:-:*:*:*:*:*:*:*

http://www.oracle.com/technetwork/security-advisory/alert-cve-2017-9805-3889403.html Third Party Advisory

http://www.oracle.com/technetwork/security-advisory/alert-cve-2017-9805-3889403.html Patch, Third Party Advisory

http://www.securityfocus.com/bid/100609 Third Party Advisory, VDB Entry

http://www.securityfocus.com/bid/100609 Broken Link, Third Party Advisory, VDB Entry

http://www.securitytracker.com/id/1039263 Third Party Advisory, VDB Entry

http://www.securitytracker.com/id/1039263 Broken Link, Third Party Advisory, VDB Entry

https://lgtm.com/blog/apache_struts_CVE-2017-9805 No Types Assigned

https://lgtm.com/blog/apache_struts_CVE-2017-9805 Broken Link

https://security.netapp.com/advisory/ntap-20170907-0001/ No Types Assigned

https://security.netapp.com/advisory/ntap-20170907-0001/ Third Party Advisory

https://struts.apache.org/docs/s2-052.html Vendor Advisory

https://struts.apache.org/docs/s2-052.html Mitigation, Vendor Advisory

https://www.exploit-db.com/exploits/42627/ Third Party Advisory, VDB Entry

https://www.exploit-db.com/exploits/42627/ Exploit, Third Party Advisory, VDB Entry

https://www.kb.cert.org/vuls/id/112992 No Types Assigned

https://www.kb.cert.org/vuls/id/112992 Third Party Advisory, US Government Resource

The REST Plugin in Apache Struts 2.1.2 through 2.3.x before 2.3.34 and 2.5.x before 2.5.13 uses an XStreamHandler with an instance of XStream for deserialization without any type filtering, which can lead to Remote Code Execution when deserializing XML payloads.

The REST Plugin in Apache Struts 2.1.1 through 2.3.x before 2.3.34 and 2.5.x before 2.5.13 uses an XStreamHandler with an instance of XStream for deserialization without any type filtering, which can lead to Remote Code Execution when deserializing XML payloads.

https://security.netapp.com/advisory/ntap-20170907-0001/ [No Types Assigned]

https://lgtm.com/blog/apache_struts_CVE-2017-9805 [No Types Assigned]

https://www.kb.cert.org/vuls/id/112992 [No Types Assigned]

OR
     *cpe:2.3:a:apache:struts:2.1.2:*:*:*:*:*:*:*
     *cpe:2.3:a:apache:struts:2.1.3:*:*:*:*:*:*:*
     *cpe:2.3:a:apache:struts:2.1.4:*:*:*:*:*:*:*
     *cpe:2.3:a:apache:struts:2.1.5:*:*:*:*:*:*:*
     *cpe:2.3:a:apache:struts:2.1.6:*:*:*:*:*:*:*
     *cpe:2.3:a:apache:struts:2.1.8:*:*:*:*:*:*:*
     *cpe:2.3:a:apache:struts:2.1.8.1:*:*:*:*:*:*:*
     *cpe:2.3:a:apache:struts:2.2.1:*:*:*:*:*:*:*
     *cpe:2.3:a:apache:struts:2.2.1.1:*:*:*:*:*:*:*
     *cpe:2.3:a:apache:struts:2.2.3:*:*:*:*

OR
     *cpe:2.3:a:apache:struts:2.1.2:*:*:*:*:*:*:*
     *cpe:2.3:a:apache:struts:2.1.3:*:*:*:*:*:*:*
     *cpe:2.3:a:apache:struts:2.1.4:*:*:*:*:*:*:*
     *cpe:2.3:a:apache:struts:2.1.5:*:*:*:*:*:*:*
     *cpe:2.3:a:apache:struts:2.1.6:*:*:*:*:*:*:*
     *cpe:2.3:a:apache:struts:2.1.8:*:*:*:*:*:*:*
     *cpe:2.3:a:apache:struts:2.1.8.1:*:*:*:*:*:*:*
     *cpe:2.3:a:apache:struts:2.2.1:*:*:*:*:*:*:*
     *cpe:2.3:a:apache:struts:2.2.1.1:*:*:*:*:*:*:*
     *cpe:2.3:a:apache:struts:2.2.3:*:*:*:*

AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H

(AV:N/AC:M/Au:N/C:P/I:P/A:P)

CWE-502

OR
     *cpe:2.3:a:apache:struts:2.1.2:*:*:*:*:*:*:*
     *cpe:2.3:a:apache:struts:2.1.3:*:*:*:*:*:*:*
     *cpe:2.3:a:apache:struts:2.1.4:*:*:*:*:*:*:*
     *cpe:2.3:a:apache:struts:2.1.5:*:*:*:*:*:*:*
     *cpe:2.3:a:apache:struts:2.1.6:*:*:*:*:*:*:*
     *cpe:2.3:a:apache:struts:2.1.8:*:*:*:*:*:*:*
     *cpe:2.3:a:apache:struts:2.1.8.1:*:*:*:*:*:*:*
     *cpe:2.3:a:apache:struts:2.2.1:*:*:*:*:*:*:*
     *cpe:2.3:a:apache:struts:2.2.1.1:*:*:*:*:*:*:*
     *cpe:2.3:a:apache:struts:2.2.3:*:*:*:*

http://www.oracle.com/technetwork/security-advisory/alert-cve-2017-9805-3889403.html No Types Assigned

http://www.oracle.com/technetwork/security-advisory/alert-cve-2017-9805-3889403.html Third Party Advisory

http://www.securityfocus.com/bid/100609 No Types Assigned

http://www.securityfocus.com/bid/100609 Third Party Advisory, VDB Entry

http://www.securitytracker.com/id/1039263 No Types Assigned

http://www.securitytracker.com/id/1039263 Third Party Advisory, VDB Entry

https://blogs.apache.org/foundation/entry/apache-struts-statement-on-equifax No Types Assigned

https://blogs.apache.org/foundation/entry/apache-struts-statement-on-equifax Vendor Advisory

https://bugzilla.redhat.com/show_bug.cgi?id=1488482 No Types Assigned

https://bugzilla.redhat.com/show_bug.cgi?id=1488482 Issue Tracking, Third Party Advisory, VDB Entry

https://cwiki.apache.org/confluence/display/WW/S2-052 No Types Assigned

https://cwiki.apache.org/confluence/display/WW/S2-052 Mitigation, Vendor Advisory

https://struts.apache.org/docs/s2-052.html No Types Assigned

https://struts.apache.org/docs/s2-052.html Vendor Advisory

https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170907-struts2 No Types Assigned

https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170907-struts2 Third Party Advisory

https://www.exploit-db.com/exploits/42627/ No Types Assigned

https://www.exploit-db.com/exploits/42627/ Third Party Advisory, VDB Entry

http://www.oracle.com/technetwork/security-advisory/alert-cve-2017-9805-3889403.html [No Types Assigned]

https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170907-struts2 [No Types Assigned]

http://www.securityfocus.com/bid/100609 [No Types Assigned]

http://www.securitytracker.com/id/1039263 [No Types Assigned]

https://www.exploit-db.com/exploits/42627/ [No Types Assigned]