Test ID: | 1.3.6.1.4.1.25623.1.0.108624 |
Category: | Web application abuses |
Title: | Apache Struts Security Update (S2-051, S2-052) - Version Check |
Summary: | Apache Struts is prone to multiple vulnerabilities. |
Description: | Summary: Apache Struts is prone to multiple vulnerabilities.
Vulnerability Insight:
- CVE-2017-9793: The REST Plugin uses an outdated XStream library that is vulnerable and allows a DoS attack using a malicious request with a specially crafted XML payload.
- CVE-2017-9805: The REST Plugin uses an XStreamHandler with an instance of XStream for deserialization without any type filtering, which can lead to Remote Code Execution when deserializing XML payloads.
Vulnerability Impact:
- CVE-2017-9793: An attacker can exploit this issue to cause a DoS condition, denying service to legitimate users.
- CVE-2017-9805: An RCE attack is possible when using the Struts REST plugin with the XStream handler to deserialise XML requests.
Affected Software/OS: Apache Struts 2.1.6 through 2.3.33 and 2.5 through 2.5.12.
Solution: Update to version 2.3.34, 2.5.13 or later.
CVSS Score: 6.8
CVSS Vector: AV:N/AC:M/Au:N/C:P/I:P/A:P |
Cross-reference: |
BugTraq ID: 100609
BugTraq ID: 100611
Common Vulnerability Exposure (CVE) ID: CVE-2017-9793
- http://www.securityfocus.com/bid/100611
- Cisco Security Advisory: 20170907 Multiple Vulnerabilities in Apache Struts 2 Affecting Cisco Products: September 2017
- https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170907-struts2
- http://www.securitytracker.com/id/1039262
Common Vulnerability Exposure (CVE) ID: CVE-2017-9805
- http://www.securityfocus.com/bid/100609
- CERT/CC vulnerability note: VU#112992
- https://www.kb.cert.org/vuls/id/112992
- https://www.exploit-db.com/exploits/42627/
- https://lgtm.com/blog/apache_struts_CVE-2017-9805
- http://www.securitytracker.com/id/1039263 |
Copyright | Copyright (C) 2019 Greenbone Networks GmbH |