漏洞描述
当启用 Struts REST的XStreamhandler去反序列化处理一个没有经过任何类型过滤的XStream的实例,可能导致在处理XML时造成远程代码执行漏洞。
Struts2 REST S2-052 反序列化-远程命令执行(CVE-2017-9805)
PoC代码
暂无相关漏洞推荐
- Apache Struts2 S2-067 /index.action 文件上传漏洞(CVE-2024-53677)
- Struts2-062 / 代码执行漏洞(CVE-2021-31805)
- Apache Struts2 2.0.0~2.2.3 S2-007 /user.action 命令执行漏洞(CVE-2012-0838)
- POC CVE-2007-4556: OpenSymphony XWork/Apache Struts2 - Remote Code Execution
- POC CVE-2012-0392: Apache Struts2 S2-008 RCE
- POC CVE-2013-1965: Apache Struts2 S2-012 RCE
- POC CVE-2013-2251: Apache Struts 2 - DefaultActionMapper Prefixes OGNL Code Execution
- POC CVE-2017-12611: Apache Struts2 S2-053 - Remote Code Execution
- POC CVE-2017-5638: Apache Struts 2 - Remote Command Execution
- POC CVE-2017-9791: Apache Struts2 S2-053 - Remote Code Execution
- POC CVE-2017-9805: Apache Struts2 S2-052 - Remote Code Execution
- POC CVE-2018-11776: Apache Struts2 S2-057 - Remote Code Execution
- POC CVE-2021-31805: Apache Struts2 S2-062 - Remote Code Execution