CVE-2017-9805 SUSE CVE security@suse.de SUSE Security Team SUSE CVE-2017-9805 Interim 1 11 2024-07-29T00:06:07Z current 2021-05-30T13:57:40Z 2024-07-29T00:06:07Z cve-database/bin/generate-cvrf-cve.pl 2020-12-27T01:00:00Z CVE-2017-9805 The REST Plugin in Apache Struts 2.1.1 through 2.3.x before 2.3.34 and 2.5.x before 2.5.13 uses an XStreamHandler with an instance of XStream for deserialization without any type filtering, which can lead to Remote Code Execution when deserializing XML payloads. The CVRF data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0). https://www.suse.com/support/security/rating/ SUSE Security Ratings SUSE Linux Enterprise Software Development Kit 11 SP4 SUSE Linux Enterprise Software Development Kit 11 SP4 SUSE Linux Enterprise Software Development Kit 11 SP4 SUSE Manager Server 3.0 SUSE Manager Server 3.1 struts struts-javadoc struts-manual struts as a component of SUSE Linux Enterprise Software Development Kit 11 SP4 struts-javadoc as a component of SUSE Linux Enterprise Software Development Kit 11 SP4 struts-manual as a component of SUSE Linux Enterprise Software Development Kit 11 SP4 struts as a component of SUSE Manager Server 3.0 struts as a component of SUSE Manager Server 3.1 The REST Plugin in Apache Struts 2.1.1 through 2.3.x before 2.3.34 and 2.5.x before 2.5.13 uses an XStreamHandler with an instance of XStream for deserialization without any type filtering, which can lead to Remote Code Execution when deserializing XML payloads. CVE-2017-9805 SUSE Linux Enterprise Software Development Kit 11 SP4:struts SUSE Linux Enterprise Software Development Kit 11 SP4:struts-javadoc SUSE Linux Enterprise Software Development Kit 11 SP4:struts-manual SUSE Manager Server 3.0:struts SUSE Manager Server 3.1:struts important 6.8 AV:N/AC:M/Au:N/C:P/I:P/A:P 8.1 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H