CISA Known Exploited Vulnerability
This vulnerability is actively exploited in the wild and listed in the CISA Known Exploited Vulnerabilities catalog.
Remediation Deadline: May 3, 2022
High
CISA KEVCVE-2017-9805
Apache—Struts
Apache Struts REST Plugin uses an XStreamHandler with an instance of XStream for deserialization without any type filtering, which can lead to remote code execution when deserializing XML payloads.
Required Action
https://nvd.nist.gov/vuln/detail/CVE-2017-9805
Vulnerability Overview
- Severity
- High
- CISA KEV
- Yes
- Ransomware
- Unknown
- Published
- Nov 3, 2021
- KEV Added
- Nov 3, 2021
- Due Date
- May 3, 2022
- Related Articles
- 0
Vendor
Apache
Struts