edit-icon download-icon

[Vulnerability notice] CVE-2017-9805: Struts2 REST plugin remote code execution (S2-052)

Last Updated: May 07, 2018

On September 5, 2017, the Struts official exposed a critical level vulnerability, No. S2-052. Under certain condition, hackers can exploit this vulnerability to remotely send crafted malicious packets to get permissions for business data and servers. Therefore, this vulnerability has a high security risk.

See the following for more information about the vulnerability.


CVE identifier

CVE-2017-9805

Vulnerability name

Struts2 REST plugin remote code execution vulnerability (S2-052)

Vulnerability rating

Critical

Vulnerability description

When using the Struts2 REST plugin with XStream handler to handle XML payloads without any filtering process, remote code execution attack can be possible. Hackers can exploit this vulnerability to craft malicious XML contents to get the permissions for data or servers.

Condition and method of exploitation

Use the REST plugin in the affected versions of Strust2.

Affected scope

  • All versions of Struts 2.3.x
  • Struts 2.5 to Struts 2.5.12

Vulnerability detection

Check whether the REST plugin is used in Struts, and whether the version of Struts is affected.

How to fix or mitigate

  • Currently, the official has released a patch for fixing this vulnerability. We recommend that you upgrade to Apache Struts2.5.13 or Apache Struts 2.3.34.

  • Alibaba Cloud Security WAF has released the vulnerability rule. You can deploy WAF for your web applications to detect and safeguard the attacks that exploit this vulnerability to avoid the security risk.

Reference

[1]. https://cwiki.apache.org/confluence/display/WW/S2-052

Thank you! We've received your feedback.