Remote Code Execution Vulnerability in the Struts REST plugin is now fixed by Apache

The Apache Software Foundation has released a security update to address a vulnerability (CVE-2017-9805) in Struts 2.

The REST Plugin in Apache Struts 2 uses an XStreamHandler with an instance of XStream for deserialization without any type filtering, which could lead to Remote Code Execution when deserializing XML payloads.

Source: Apache Security Bulletin