CVE-2017-9791

Confirmed PUBLISHED

The Struts 1 plugin in Apache Struts 2.1.x and 2.3.x might allow remote code execution via a malicious field value passed in a raw message to the...

Apache Software Foundation · Apache Struts
Exploited in the wild PoC available

Recommended Action

Prioritize remediation. Validate affected assets and apply vendor fixes on an accelerated timeline.

Confidence
Confirmed
Exploitation Status
Exploited in the wild
Observed in Sensors
No
Attempts (30d)
Unique Attacker IPs
CISA KEV
In CISA KEV
CVSS / EPSS
9.8 Critical

At a Glance

The Struts 1 plugin in Apache Struts 2.1.x and 2.3.x might allow remote code execution via a malicious field value passed in a raw message to the ActionMessage.

apache nuclei_scanner metasploit cisa
CVE Published
Jul 10, 2017
Exploitation Reported
Feb 10, 2022
CVSS
9.8 Critical
EPSS
Remote Low complexity No user interaction Unauthenticated

Affected Versions

Vendor Product Version Status
Apache Software Foundation
Apache Struts

2.1.x series

Affected
Apache Software Foundation
Apache Struts

2.3.x series

Affected

CVE References

  • 42324 exploit-db.com · Exploit https://www.exploit-db.com/exploits/42324/
  • 44643 exploit-db.com · Exploit https://www.exploit-db.com/exploits/44643/
  • 99484 securityfocus.com · VDB Entry http://www.securityfocus.com/bid/99484
  • 1038838 securitytracker.com · VDB Entry http://www.securitytracker.com/id/1038838
  • oracle.com/technetwork/security-advisory/alert-cve-2017... oracle.com · CVE Record http://www.oracle.com/technetwork/security-advisory/alert-cve-2017-98...
Show 2 more references

Recommended Actions

  • Prioritize remediation. Validate affected assets and apply vendor fixes on an accelerated timeline.
  • Check enrichment artifacts for scanner coverage and available PoCs before rolling remediation validation.
  • Use the Pro API to automate enrichment, telemetry, and workflow delivery for VM, SOC, and CTI pipelines.