National Vulnerability Database

National Vulnerability Database

National Vulnerability
Database

Vulnerability Change Record for CVE-2017-9805

Change History

Initial Analysis - 9/29/2017 9:26:37 AM

Action Type Old Value New Value
Added CVSS V3
AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H
Changed Reference Type
https://struts.apache.org/docs/s2-052.html No Types Assigned
https://struts.apache.org/docs/s2-052.html Vendor Advisory
Added CVSS V2
(AV:N/AC:M/Au:N/C:P/I:P/A:P)
Changed Reference Type
http://www.oracle.com/technetwork/security-advisory/alert-cve-2017-9805-3889403.html No Types Assigned
http://www.oracle.com/technetwork/security-advisory/alert-cve-2017-9805-3889403.html Third Party Advisory
Changed Reference Type
http://www.securityfocus.com/bid/100609 No Types Assigned
http://www.securityfocus.com/bid/100609 Third Party Advisory, VDB Entry
Changed Reference Type
https://cwiki.apache.org/confluence/display/WW/S2-052 No Types Assigned
https://cwiki.apache.org/confluence/display/WW/S2-052 Mitigation, Vendor Advisory
Changed Reference Type
https://blogs.apache.org/foundation/entry/apache-struts-statement-on-equifax No Types Assigned
https://blogs.apache.org/foundation/entry/apache-struts-statement-on-equifax Vendor Advisory
Added CWE
CWE-502
Changed Reference Type
http://www.securitytracker.com/id/1039263 No Types Assigned
http://www.securitytracker.com/id/1039263 Third Party Advisory, VDB Entry
Added CPE Configuration
OR
     *cpe:2.3:a:apache:struts:2.1.2:*:*:*:*:*:*:*
     *cpe:2.3:a:apache:struts:2.1.3:*:*:*:*:*:*:*
     *cpe:2.3:a:apache:struts:2.1.4:*:*:*:*:*:*:*
     *cpe:2.3:a:apache:struts:2.1.5:*:*:*:*:*:*:*
     *cpe:2.3:a:apache:struts:2.1.6:*:*:*:*:*:*:*
     *cpe:2.3:a:apache:struts:2.1.8:*:*:*:*:*:*:*
     *cpe:2.3:a:apache:struts:2.1.8.1:*:*:*:*:*:*:*
     *cpe:2.3:a:apache:struts:2.2.1:*:*:*:*:*:*:*
     *cpe:2.3:a:apache:struts:2.2.1.1:*:*:*:*:*:*:*
     *cpe:2.3:a:apache:struts:2.2.3:*:*:*:*:*:*:*
     *cpe:2.3:a:apache:struts:2.2.3.1:*:*:*:*:*:*:*
     *cpe:2.3:a:apache:struts:2.3.1:*:*:*:*:*:*:*
     *cpe:2.3:a:apache:struts:2.3.1.1:*:*:*:*:*:*:*
     *cpe:2.3:a:apache:struts:2.3.1.2:*:*:*:*:*:*:*
     *cpe:2.3:a:apache:struts:2.3.3:*:*:*:*:*:*:*
     *cpe:2.3:a:apache:struts:2.3.4:*:*:*:*:*:*:*
     *cpe:2.3:a:apache:struts:2.3.4.1:*:*:*:*:*:*:*
     *cpe:2.3:a:apache:struts:2.3.7:*:*:*:*:*:*:*
     *cpe:2.3:a:apache:struts:2.3.8:*:*:*:*:*:*:*
     *cpe:2.3:a:apache:struts:2.3.12:*:*:*:*:*:*:*
     *cpe:2.3:a:apache:struts:2.3.14:*:*:*:*:*:*:*
     *cpe:2.3:a:apache:struts:2.3.14.1:*:*:*:*:*:*:*
     *cpe:2.3:a:apache:struts:2.3.14.2:*:*:*:*:*:*:*
     *cpe:2.3:a:apache:struts:2.3.14.3:*:*:*:*:*:*:*
     *cpe:2.3:a:apache:struts:2.3.15:*:*:*:*:*:*:*
     *cpe:2.3:a:apache:struts:2.3.15.1:*:*:*:*:*:*:*
     *cpe:2.3:a:apache:struts:2.3.15.2:*:*:*:*:*:*:*
     *cpe:2.3:a:apache:struts:2.3.15.3:*:*:*:*:*:*:*
     *cpe:2.3:a:apache:struts:2.3.16:*:*:*:*:*:*:*
     *cpe:2.3:a:apache:struts:2.3.16.1:*:*:*:*:*:*:*
     *cpe:2.3:a:apache:struts:2.3.16.2:*:*:*:*:*:*:*
     *cpe:2.3:a:apache:struts:2.3.16.3:*:*:*:*:*:*:*
     *cpe:2.3:a:apache:struts:2.3.20:*:*:*:*:*:*:*
     *cpe:2.3:a:apache:struts:2.3.20.1:*:*:*:*:*:*:*
     *cpe:2.3:a:apache:struts:2.3.20.3:*:*:*:*:*:*:*
     *cpe:2.3:a:apache:struts:2.3.24:*:*:*:*:*:*:*
     *cpe:2.3:a:apache:struts:2.3.24.1:*:*:*:*:*:*:*
     *cpe:2.3:a:apache:struts:2.3.24.3:*:*:*:*:*:*:*
     *cpe:2.3:a:apache:struts:2.3.28:*:*:*:*:*:*:*
     *cpe:2.3:a:apache:struts:2.3.28.1:*:*:*:*:*:*:*
     *cpe:2.3:a:apache:struts:2.3.29:*:*:*:*:*:*:*
     *cpe:2.3:a:apache:struts:2.3.30:*:*:*:*:*:*:*
     *cpe:2.3:a:apache:struts:2.3.31:*:*:*:*:*:*:*
     *cpe:2.3:a:apache:struts:2.3.32:*:*:*:*:*:*:*
     *cpe:2.3:a:apache:struts:2.3.33:*:*:*:*:*:*:*
     *cpe:2.3:a:apache:struts:2.3.34:*:*:*:*:*:*:*
     *cpe:2.3:a:apache:struts:2.5.1:*:*:*:*:*:*:*
     *cpe:2.3:a:apache:struts:2.5.2:*:*:*:*:*:*:*
     *cpe:2.3:a:apache:struts:2.5.3:*:*:*:*:*:*:*
     *cpe:2.3:a:apache:struts:2.5.4:*:*:*:*:*:*:*
     *cpe:2.3:a:apache:struts:2.5.5:*:*:*:*:*:*:*
     *cpe:2.3:a:apache:struts:2.5.6:*:*:*:*:*:*:*
     *cpe:2.3:a:apache:struts:2.5.7:*:*:*:*:*:*:*
     *cpe:2.3:a:apache:struts:2.5.8:*:*:*:*:*:*:*
     *cpe:2.3:a:apache:struts:2.5.9:*:*:*:*:*:*:*
     *cpe:2.3:a:apache:struts:2.5.10:*:*:*:*:*:*:*
     *cpe:2.3:a:apache:struts:2.5.10.1:*:*:*:*:*:*:*
     *cpe:2.3:a:apache:struts:2.5.11:*:*:*:*:*:*:*
     *cpe:2.3:a:apache:struts:2.5.12:*:*:*:*:*:*:*
     *cpe:2.3:a:apache:struts:2.5.13:*:*:*:*:*:*:*
     *cpe:2.3:a:apache:struts:2.5.14:*:*:*:*:*:*:*
     *cpe:2.3:a:apache:struts:2.5.15:*:*:*:*:*:*:*
     *cpe:2.3:a:apache:struts:2.5.16:*:*:*:*:*:*:*
     *cpe:2.3:a:apache:struts:2.5.17:*:*:*:*:*:*:*
     *cpe:2.3:a:apache:struts:2.5.18:*:*:*:*:*:*:*
     *cpe:2.3:a:apache:struts:2.5.19:*:*:*:*:*:*:*
     *cpe:2.3:a:apache:struts:2.5.20:*:*:*:*:*:*:*
     *cpe:2.3:a:apache:struts:2.5.21:*:*:*:*:*:*:*
     *cpe:2.3:a:apache:struts:2.5.22:*:*:*:*:*:*:*
     *cpe:2.3:a:apache:struts:2.5.23:*:*:*:*:*:*:*
     *cpe:2.3:a:apache:struts:2.5.24:*:*:*:*:*:*:*
     *cpe:2.3:a:apache:struts:2.5.25:*:*:*:*:*:*:*
     *cpe:2.3:a:apache:struts:2.5.26:*:*:*:*:*:*:*
     *cpe:2.3:a:apache:struts:2.5.27:*:*:*:*:*:*:*
     *cpe:2.3:a:apache:struts:2.5.28:*:*:*:*:*:*:*
     *cpe:2.3:a:apache:struts:2.5.29:*:*:*:*:*:*:*
     *cpe:2.3:a:apache:struts:2.5.30:*:*:*:*:*:*:*
     *cpe:2.3:a:apache:struts:2.5.31:*:*:*:*:*:*:*
     *cpe:2.3:a:apache:struts:2.5.32:*:*:*:*:*:*:*
     *cpe:2.3:a:apache:struts:2.5.33:*:*:*:*:*:*:*
Changed Reference Type
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170907-struts2 No Types Assigned
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170907-struts2 Third Party Advisory
Changed Reference Type
https://www.exploit-db.com/exploits/42627/ No Types Assigned
https://www.exploit-db.com/exploits/42627/ Third Party Advisory, VDB Entry
Changed Reference Type
https://bugzilla.redhat.com/show_bug.cgi?id=1488482 No Types Assigned
https://bugzilla.redhat.com/show_bug.cgi?id=1488482 Issue Tracking, Third Party Advisory, VDB Entry