CVE-2017-9791
Known Exploited (CISA KEV)CRITICAL
9.8
CVSS Severity Score
Vulnerability Description
The Struts 1 plugin in Apache Struts 2.1.x and 2.3.x might allow remote code execution via a malicious field value passed in a raw message to the ActionMessage.
Affected Platforms (CPE)
📦
Apache
Struts
= 2.3.1📦
Apache
Struts
= 2.3.1.1📦
Apache
Struts
= 2.3.1.2📦
Apache
Struts
= 2.3.3📦
Apache
Struts
= 2.3.4📦
Apache
Struts
= 2.3.4.1📦
Apache
Struts
= 2.3.7📦
Apache
Struts
= 2.3.8📦
Apache
Struts
= 2.3.12📦
Apache
Struts
= 2.3.14📦
Apache
Struts
= 2.3.14.1📦
Apache
Struts
= 2.3.14.2📦
Apache
Struts
= 2.3.14.3📦
Apache
Struts
= 2.3.15📦
Apache
Struts
= 2.3.15.1📦
Apache
Struts
= 2.3.15.2📦
Apache
Struts
= 2.3.15.3📦
Apache
Struts
= 2.3.16📦
Apache
Struts
= 2.3.16.1📦
Apache
Struts
= 2.3.16.2📦
Apache
Struts
= 2.3.16.3📦
Apache
Struts
= 2.3.20📦
Apache
Struts
= 2.3.20.1📦
Apache
Struts
= 2.3.20.3📦
Apache
Struts
= 2.3.24📦
Apache
Struts
= 2.3.24.1📦
Apache
Struts
= 2.3.24.3📦
Apache
Struts
= 2.3.28📦
Apache
Struts
= 2.3.28.1📦
Apache
Struts
= 2.3.29📦
Apache
Struts
= 2.3.30📦
Apache
Struts
= 2.3.31📦
Apache