All the vulnerabilites related to xstream - xstream
var-201709-1229
Vulnerability from variot
The REST Plugin in Apache Struts 2.1.1 through 2.3.x before 2.3.34 and 2.5.x before 2.5.13 uses an XStreamHandler with an instance of XStream for deserialization without any type filtering, which can lead to Remote Code Execution when deserializing XML payloads. Apache Struts 2 framework, versions 2.5 to 2.5.12, with REST plugin insecurely deserializes untrusted XML data. A remote, unauthenticated attacker can leverage this vulnerability to execute arbitrary code in the context of the Struts application. Apache Struts2 Contains a vulnerability that allows arbitrary code execution (S2-052) Exists. An attacker can exploit this issue to cause a denial-of-service condition, denying service to legitimate users. Apache Struts is prone to a remote code-execution vulnerability. Failed exploit attempts will likely result in denial-of-service conditions. Apache Struts 2.1.2 through 2.3.33 and 2.5 through 2.5.12 are vulnerable
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-201709-1229",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "weblogic server",
"scope": "eq",
"trust": 2.1,
"vendor": "oracle",
"version": "10.3.60"
},
{
"model": "weblogic server",
"scope": "eq",
"trust": 2.1,
"vendor": "oracle",
"version": "12.2.1.3"
},
{
"model": "weblogic server",
"scope": "eq",
"trust": 2.1,
"vendor": "oracle",
"version": "12.2.1.2"
},
{
"model": "weblogic server",
"scope": "eq",
"trust": 2.1,
"vendor": "oracle",
"version": "12.2.1.1"
},
{
"model": "weblogic server",
"scope": "eq",
"trust": 2.1,
"vendor": "oracle",
"version": "12.2.1.0"
},
{
"model": "weblogic server",
"scope": "eq",
"trust": 2.1,
"vendor": "oracle",
"version": "12.1.3.0"
},
{
"model": "siebel applications",
"scope": "eq",
"trust": 2.1,
"vendor": "oracle",
"version": "7.1"
},
{
"model": "siebel applications",
"scope": "eq",
"trust": 2.1,
"vendor": "oracle",
"version": "6.2"
},
{
"model": "mysql enterprise monitor",
"scope": "eq",
"trust": 2.1,
"vendor": "oracle",
"version": "3.2.1182"
},
{
"model": "mysql enterprise monitor",
"scope": "eq",
"trust": 2.1,
"vendor": "oracle",
"version": "3.4.2.4181"
},
{
"model": "mysql enterprise monitor",
"scope": "eq",
"trust": 2.1,
"vendor": "oracle",
"version": "3.4.1"
},
{
"model": "mysql enterprise monitor",
"scope": "eq",
"trust": 2.1,
"vendor": "oracle",
"version": "3.4.0"
},
{
"model": "mysql enterprise monitor",
"scope": "eq",
"trust": 2.1,
"vendor": "oracle",
"version": "3.3.4.3247"
},
{
"model": "mysql enterprise monitor",
"scope": "eq",
"trust": 2.1,
"vendor": "oracle",
"version": "3.3.3.1199"
},
{
"model": "mysql enterprise monitor",
"scope": "eq",
"trust": 2.1,
"vendor": "oracle",
"version": "3.3.2.1162"
},
{
"model": "mysql enterprise monitor",
"scope": "eq",
"trust": 2.1,
"vendor": "oracle",
"version": "3.3.0.1098"
},
{
"model": "mysql enterprise monitor",
"scope": "eq",
"trust": 2.1,
"vendor": "oracle",
"version": "3.2.8.2223"
},
{
"model": "mysql enterprise monitor",
"scope": "eq",
"trust": 2.1,
"vendor": "oracle",
"version": "3.2.7.1204"
},
{
"model": "mysql enterprise monitor",
"scope": "eq",
"trust": 2.1,
"vendor": "oracle",
"version": "3.2.5.1141"
},
{
"model": "mysql enterprise monitor",
"scope": "eq",
"trust": 2.1,
"vendor": "oracle",
"version": "3.2.4.1102"
},
{
"model": "mysql enterprise monitor",
"scope": "eq",
"trust": 2.1,
"vendor": "oracle",
"version": "3.2.1.1049"
},
{
"model": "micros retail xbri loss prevention",
"scope": "eq",
"trust": 2.1,
"vendor": "oracle",
"version": "10.8.1"
},
{
"model": "micros retail xbri loss prevention",
"scope": "eq",
"trust": 2.1,
"vendor": "oracle",
"version": "10.8"
},
{
"model": "micros retail xbri loss prevention",
"scope": "eq",
"trust": 2.1,
"vendor": "oracle",
"version": "10.7"
},
{
"model": "micros retail xbri loss prevention",
"scope": "eq",
"trust": 2.1,
"vendor": "oracle",
"version": "10.6"
},
{
"model": "micros retail xbri loss prevention",
"scope": "eq",
"trust": 2.1,
"vendor": "oracle",
"version": "10.5"
},
{
"model": "micros retail xbri loss prevention",
"scope": "eq",
"trust": 2.1,
"vendor": "oracle",
"version": "10.0.1"
},
{
"model": "insurance performance insight for general insurance",
"scope": "eq",
"trust": 2.1,
"vendor": "oracle",
"version": "8.0"
},
{
"model": "insurance data foundation",
"scope": "eq",
"trust": 2.1,
"vendor": "oracle",
"version": "8.0.5"
},
{
"model": "insurance data foundation",
"scope": "eq",
"trust": 2.1,
"vendor": "oracle",
"version": "8.0.4"
},
{
"model": "insurance data foundation",
"scope": "eq",
"trust": 2.1,
"vendor": "oracle",
"version": "8.0.3"
},
{
"model": "insurance data foundation",
"scope": "eq",
"trust": 2.1,
"vendor": "oracle",
"version": "8.0.2"
},
{
"model": "insurance data foundation",
"scope": "eq",
"trust": 2.1,
"vendor": "oracle",
"version": "8.0.1"
},
{
"model": "flexcube private banking",
"scope": "eq",
"trust": 2.1,
"vendor": "oracle",
"version": "12.1"
},
{
"model": "flexcube private banking",
"scope": "eq",
"trust": 2.1,
"vendor": "oracle",
"version": "12.0.3"
},
{
"model": "flexcube private banking",
"scope": "eq",
"trust": 2.1,
"vendor": "oracle",
"version": "12.0.2"
},
{
"model": "flexcube private banking",
"scope": "eq",
"trust": 2.1,
"vendor": "oracle",
"version": "12.0.1"
},
{
"model": "flexcube private banking",
"scope": "eq",
"trust": 2.1,
"vendor": "oracle",
"version": "12.0"
},
{
"model": "flexcube private banking",
"scope": "eq",
"trust": 2.1,
"vendor": "oracle",
"version": "2.2"
},
{
"model": "flexcube private banking",
"scope": "eq",
"trust": 2.1,
"vendor": "oracle",
"version": "3.0"
},
{
"model": "financial services retail performance analytics",
"scope": "eq",
"trust": 2.1,
"vendor": "oracle",
"version": "8.0.5"
},
{
"model": "financial services retail performance analytics",
"scope": "eq",
"trust": 2.1,
"vendor": "oracle",
"version": "8.0.4"
},
{
"model": "financial services retail performance analytics",
"scope": "eq",
"trust": 2.1,
"vendor": "oracle",
"version": "8.0.3"
},
{
"model": "financial services retail performance analytics",
"scope": "eq",
"trust": 2.1,
"vendor": "oracle",
"version": "8.0.2"
},
{
"model": "financial services retail performance analytics",
"scope": "eq",
"trust": 2.1,
"vendor": "oracle",
"version": "8.0.1"
},
{
"model": "financial services retail performance analytics",
"scope": "eq",
"trust": 2.1,
"vendor": "oracle",
"version": "8.0"
},
{
"model": "financial services retail customer analytics",
"scope": "eq",
"trust": 2.1,
"vendor": "oracle",
"version": "8.0.5"
},
{
"model": "financial services retail customer analytics",
"scope": "eq",
"trust": 2.1,
"vendor": "oracle",
"version": "8.0.4"
},
{
"model": "financial services retail customer analytics",
"scope": "eq",
"trust": 2.1,
"vendor": "oracle",
"version": "8.0.3"
},
{
"model": "financial services retail customer analytics",
"scope": "eq",
"trust": 2.1,
"vendor": "oracle",
"version": "8.0.2"
},
{
"model": "financial services retail customer analytics",
"scope": "eq",
"trust": 2.1,
"vendor": "oracle",
"version": "8.0.1"
},
{
"model": "financial services retail customer analytics",
"scope": "eq",
"trust": 2.1,
"vendor": "oracle",
"version": "8.0"
},
{
"model": "financial services profitability management",
"scope": "eq",
"trust": 2.1,
"vendor": "oracle",
"version": "8.0.5"
},
{
"model": "financial services profitability management",
"scope": "eq",
"trust": 2.1,
"vendor": "oracle",
"version": "8.0.4"
},
{
"model": "financial services profitability management",
"scope": "eq",
"trust": 2.1,
"vendor": "oracle",
"version": "8.0.3"
},
{
"model": "financial services profitability management",
"scope": "eq",
"trust": 2.1,
"vendor": "oracle",
"version": "8.0.2"
},
{
"model": "financial services profitability management",
"scope": "eq",
"trust": 2.1,
"vendor": "oracle",
"version": "8.0.1"
},
{
"model": "financial services profitability management",
"scope": "eq",
"trust": 2.1,
"vendor": "oracle",
"version": "6.1.1"
},
{
"model": "financial services profitability management",
"scope": "eq",
"trust": 2.1,
"vendor": "oracle",
"version": "6.1"
},
{
"model": "financial services profitability management",
"scope": "eq",
"trust": 2.1,
"vendor": "oracle",
"version": "6.0"
},
{
"model": "financial services pricing management",
"scope": "eq",
"trust": 2.1,
"vendor": "oracle",
"version": "8.0.5"
},
{
"model": "financial services pricing management",
"scope": "eq",
"trust": 2.1,
"vendor": "oracle",
"version": "8.0.4"
},
{
"model": "financial services pricing management",
"scope": "eq",
"trust": 2.1,
"vendor": "oracle",
"version": "8.0"
},
{
"model": "financial services price creation and discovery",
"scope": "eq",
"trust": 2.1,
"vendor": "oracle",
"version": "8.0.5"
},
{
"model": "financial services price creation and discovery",
"scope": "eq",
"trust": 2.1,
"vendor": "oracle",
"version": "8.0.4"
},
{
"model": "financial services price creation and discovery",
"scope": "eq",
"trust": 2.1,
"vendor": "oracle",
"version": "8.0"
},
{
"model": "financial services loan loss forecasting and provisioning",
"scope": "eq",
"trust": 2.1,
"vendor": "oracle",
"version": "8.0.5"
},
{
"model": "financial services loan loss forecasting and provisioning",
"scope": "eq",
"trust": 2.1,
"vendor": "oracle",
"version": "8.0.4"
},
{
"model": "financial services loan loss forecasting and provisioning",
"scope": "eq",
"trust": 2.1,
"vendor": "oracle",
"version": "8.0.3"
},
{
"model": "financial services loan loss forecasting and provisioning",
"scope": "eq",
"trust": 2.1,
"vendor": "oracle",
"version": "8.0.2"
},
{
"model": "financial services loan loss forecasting and provisioning",
"scope": "eq",
"trust": 2.1,
"vendor": "oracle",
"version": "8.0.1"
},
{
"model": "financial services loan loss forecasting and provisioning",
"scope": "eq",
"trust": 2.1,
"vendor": "oracle",
"version": "1.5.1"
},
{
"model": "financial services loan loss forecasting and provisioning",
"scope": "eq",
"trust": 2.1,
"vendor": "oracle",
"version": "1.5"
},
{
"model": "financial services liquidity risk management",
"scope": "eq",
"trust": 2.1,
"vendor": "oracle",
"version": "8.0.4"
},
{
"model": "financial services liquidity risk management",
"scope": "eq",
"trust": 2.1,
"vendor": "oracle",
"version": "8.0.2"
},
{
"model": "financial services liquidity risk management",
"scope": "eq",
"trust": 2.1,
"vendor": "oracle",
"version": "8.0.1"
},
{
"model": "financial services institutional performance analytics",
"scope": "eq",
"trust": 2.1,
"vendor": "oracle",
"version": "8.0.5"
},
{
"model": "financial services institutional performance analytics",
"scope": "eq",
"trust": 2.1,
"vendor": "oracle",
"version": "8.0.4"
},
{
"model": "financial services institutional performance analytics",
"scope": "eq",
"trust": 2.1,
"vendor": "oracle",
"version": "8.0.3"
},
{
"model": "financial services institutional performance analytics",
"scope": "eq",
"trust": 2.1,
"vendor": "oracle",
"version": "8.0.2"
},
{
"model": "financial services institutional performance analytics",
"scope": "eq",
"trust": 2.1,
"vendor": "oracle",
"version": "8.0.1"
},
{
"model": "financial services institutional performance analytics",
"scope": "eq",
"trust": 2.1,
"vendor": "oracle",
"version": "8.0"
},
{
"model": "financial services icaap analytics",
"scope": "eq",
"trust": 2.1,
"vendor": "oracle",
"version": "8.0"
},
{
"model": "financial services hedge management and ifrs valuations",
"scope": "eq",
"trust": 2.1,
"vendor": "oracle",
"version": "8.0.5"
},
{
"model": "financial services hedge management and ifrs valuations",
"scope": "eq",
"trust": 2.1,
"vendor": "oracle",
"version": "8.0.4"
},
{
"model": "financial services hedge management and ifrs valuations",
"scope": "eq",
"trust": 2.1,
"vendor": "oracle",
"version": "8.0.3"
},
{
"model": "financial services hedge management and ifrs valuations",
"scope": "eq",
"trust": 2.1,
"vendor": "oracle",
"version": "8.0.2"
},
{
"model": "financial services hedge management and ifrs valuations",
"scope": "eq",
"trust": 2.1,
"vendor": "oracle",
"version": "8.0.1"
},
{
"model": "financial services hedge management and ifrs valuations",
"scope": "eq",
"trust": 2.1,
"vendor": "oracle",
"version": "6.1.1"
},
{
"model": "financial services funds transfer pricing",
"scope": "eq",
"trust": 2.1,
"vendor": "oracle",
"version": "8.0.5"
},
{
"model": "financial services funds transfer pricing",
"scope": "eq",
"trust": 2.1,
"vendor": "oracle",
"version": "8.0.4"
},
{
"model": "financial services funds transfer pricing",
"scope": "eq",
"trust": 2.1,
"vendor": "oracle",
"version": "8.0.3"
},
{
"model": "financial services funds transfer pricing",
"scope": "eq",
"trust": 2.1,
"vendor": "oracle",
"version": "8.0.2"
},
{
"model": "financial services funds transfer pricing",
"scope": "eq",
"trust": 2.1,
"vendor": "oracle",
"version": "8.0.1"
},
{
"model": "financial services funds transfer pricing",
"scope": "eq",
"trust": 2.1,
"vendor": "oracle",
"version": "6.1.1"
},
{
"model": "financial services funds transfer pricing",
"scope": "eq",
"trust": 2.1,
"vendor": "oracle",
"version": "6.1"
},
{
"model": "financial services funds transfer pricing",
"scope": "eq",
"trust": 2.1,
"vendor": "oracle",
"version": "6.0"
},
{
"model": "financial services enterprise financial performance analytics",
"scope": "eq",
"trust": 2.1,
"vendor": "oracle",
"version": "8.0.5"
},
{
"model": "financial services enterprise financial performance analytics",
"scope": "eq",
"trust": 2.1,
"vendor": "oracle",
"version": "8.0.4"
},
{
"model": "financial services enterprise financial performance analytics",
"scope": "eq",
"trust": 2.1,
"vendor": "oracle",
"version": "8.0.3"
},
{
"model": "financial services enterprise financial performance analytics",
"scope": "eq",
"trust": 2.1,
"vendor": "oracle",
"version": "8.0.2"
},
{
"model": "financial services enterprise financial performance analytics",
"scope": "eq",
"trust": 2.1,
"vendor": "oracle",
"version": "8.0.1"
},
{
"model": "financial services enterprise financial performance analytics",
"scope": "eq",
"trust": 2.1,
"vendor": "oracle",
"version": "8.0"
},
{
"model": "financial services data integration hub",
"scope": "eq",
"trust": 2.1,
"vendor": "oracle",
"version": "8.0.4"
},
{
"model": "financial services data integration hub",
"scope": "eq",
"trust": 2.1,
"vendor": "oracle",
"version": "8.0.3"
},
{
"model": "financial services data integration hub",
"scope": "eq",
"trust": 2.1,
"vendor": "oracle",
"version": "8.0.2"
},
{
"model": "financial services data integration hub",
"scope": "eq",
"trust": 2.1,
"vendor": "oracle",
"version": "8.0.1"
},
{
"model": "financial services data foundation",
"scope": "eq",
"trust": 2.1,
"vendor": "oracle",
"version": "8.0.5"
},
{
"model": "financial services data foundation",
"scope": "eq",
"trust": 2.1,
"vendor": "oracle",
"version": "8.0.4"
},
{
"model": "financial services data foundation",
"scope": "eq",
"trust": 2.1,
"vendor": "oracle",
"version": "8.0.3"
},
{
"model": "financial services data foundation",
"scope": "eq",
"trust": 2.1,
"vendor": "oracle",
"version": "8.0.2"
},
{
"model": "financial services data foundation",
"scope": "eq",
"trust": 2.1,
"vendor": "oracle",
"version": "8.0.1"
},
{
"model": "financial services data foundation",
"scope": "eq",
"trust": 2.1,
"vendor": "oracle",
"version": "7.4"
},
{
"model": "financial services data foundation",
"scope": "eq",
"trust": 2.1,
"vendor": "oracle",
"version": "7.3"
},
{
"model": "financial services basel regulatory capital internal ratings bas",
"scope": "eq",
"trust": 2.1,
"vendor": "oracle",
"version": "8.0.4"
},
{
"model": "financial services basel regulatory capital internal ratings bas",
"scope": "eq",
"trust": 2.1,
"vendor": "oracle",
"version": "8.0.3"
},
{
"model": "financial services basel regulatory capital internal ratings bas",
"scope": "eq",
"trust": 2.1,
"vendor": "oracle",
"version": "8.0.2"
},
{
"model": "financial services basel regulatory capital internal ratings bas",
"scope": "eq",
"trust": 2.1,
"vendor": "oracle",
"version": "8.0.1"
},
{
"model": "financial services basel regulatory capital basic",
"scope": "eq",
"trust": 2.1,
"vendor": "oracle",
"version": "8.0.4"
},
{
"model": "financial services basel regulatory capital basic",
"scope": "eq",
"trust": 2.1,
"vendor": "oracle",
"version": "8.0.3"
},
{
"model": "financial services basel regulatory capital basic",
"scope": "eq",
"trust": 2.1,
"vendor": "oracle",
"version": "8.0.2"
},
{
"model": "financial services basel regulatory capital basic",
"scope": "eq",
"trust": 2.1,
"vendor": "oracle",
"version": "8.0.1"
},
{
"model": "financial services asset liability management",
"scope": "eq",
"trust": 2.1,
"vendor": "oracle",
"version": "8.0.5"
},
{
"model": "financial services asset liability management",
"scope": "eq",
"trust": 2.1,
"vendor": "oracle",
"version": "8.0.4"
},
{
"model": "financial services asset liability management",
"scope": "eq",
"trust": 2.1,
"vendor": "oracle",
"version": "8.0.3"
},
{
"model": "financial services asset liability management",
"scope": "eq",
"trust": 2.1,
"vendor": "oracle",
"version": "8.0.2"
},
{
"model": "financial services asset liability management",
"scope": "eq",
"trust": 2.1,
"vendor": "oracle",
"version": "8.0.1"
},
{
"model": "financial services asset liability management",
"scope": "eq",
"trust": 2.1,
"vendor": "oracle",
"version": "6.1.1"
},
{
"model": "financial services asset liability management",
"scope": "eq",
"trust": 2.1,
"vendor": "oracle",
"version": "6.1"
},
{
"model": "financial services asset liability management",
"scope": "eq",
"trust": 2.1,
"vendor": "oracle",
"version": "6.0"
},
{
"model": "financial services analytical applications reconciliation",
"scope": "eq",
"trust": 2.1,
"vendor": "oracle",
"version": "8.0.4"
},
{
"model": "financial services analytical applications reconciliation",
"scope": "eq",
"trust": 2.1,
"vendor": "oracle",
"version": "8.0.3"
},
{
"model": "financial services analytical applications reconciliation",
"scope": "eq",
"trust": 2.1,
"vendor": "oracle",
"version": "8.0.2"
},
{
"model": "financial services analytical applications reconciliation",
"scope": "eq",
"trust": 2.1,
"vendor": "oracle",
"version": "8.0.1"
},
{
"model": "financial services analytical applications reconciliation",
"scope": "eq",
"trust": 2.1,
"vendor": "oracle",
"version": "8.0"
},
{
"model": "financial services analytical applications reconciliation",
"scope": "eq",
"trust": 2.1,
"vendor": "oracle",
"version": "3.5.1"
},
{
"model": "financial services analytical applications reconciliation",
"scope": "eq",
"trust": 2.1,
"vendor": "oracle",
"version": "3.5"
},
{
"model": "financial services analytical applications infrastructure",
"scope": "eq",
"trust": 2.1,
"vendor": "oracle",
"version": "7.3"
},
{
"model": "financial services analytical applications infrastructure",
"scope": "eq",
"trust": 2.1,
"vendor": "oracle",
"version": "7.2"
},
{
"model": "communications policy management",
"scope": "eq",
"trust": 2.1,
"vendor": "oracle",
"version": "12.1.1"
},
{
"model": "communications policy management",
"scope": "eq",
"trust": 2.1,
"vendor": "oracle",
"version": "12.1"
},
{
"model": "communications policy management",
"scope": "eq",
"trust": 2.1,
"vendor": "oracle",
"version": "11.5"
},
{
"model": "communications policy management",
"scope": "eq",
"trust": 2.1,
"vendor": "oracle",
"version": "12.2"
},
{
"model": "siebel applications",
"scope": "eq",
"trust": 1.8,
"vendor": "oracle",
"version": "16.1"
},
{
"model": "struts",
"scope": "eq",
"trust": 1.8,
"vendor": "apache",
"version": "2.5.8"
},
{
"model": "struts",
"scope": "eq",
"trust": 1.8,
"vendor": "apache",
"version": "2.5.7"
},
{
"model": "struts",
"scope": "eq",
"trust": 1.8,
"vendor": "apache",
"version": "2.5.5"
},
{
"model": "struts",
"scope": "eq",
"trust": 1.8,
"vendor": "apache",
"version": "2.5.2"
},
{
"model": "struts",
"scope": "eq",
"trust": 1.8,
"vendor": "apache",
"version": "2.5.10"
},
{
"model": "struts",
"scope": "eq",
"trust": 1.8,
"vendor": "apache",
"version": "2.5.1"
},
{
"model": "struts",
"scope": "eq",
"trust": 1.8,
"vendor": "apache",
"version": "2.5"
},
{
"model": "struts",
"scope": "eq",
"trust": 1.5,
"vendor": "apache",
"version": "2.3.31"
},
{
"model": "struts",
"scope": "eq",
"trust": 1.5,
"vendor": "apache",
"version": "2.3.30"
},
{
"model": "struts",
"scope": "eq",
"trust": 1.5,
"vendor": "apache",
"version": "2.3.28"
},
{
"model": "struts",
"scope": "eq",
"trust": 1.5,
"vendor": "apache",
"version": "2.3.24"
},
{
"model": "struts",
"scope": "eq",
"trust": 1.5,
"vendor": "apache",
"version": "2.3.8"
},
{
"model": "struts",
"scope": "eq",
"trust": 1.5,
"vendor": "apache",
"version": "2.3.7"
},
{
"model": "struts",
"scope": "eq",
"trust": 1.5,
"vendor": "apache",
"version": "2.3.32"
},
{
"model": "struts",
"scope": "eq",
"trust": 1.5,
"vendor": "apache",
"version": "2.3.29"
},
{
"model": "struts",
"scope": "eq",
"trust": 1.5,
"vendor": "apache",
"version": "2.3.20"
},
{
"model": "struts",
"scope": "eq",
"trust": 1.5,
"vendor": "apache",
"version": "2.3.16"
},
{
"model": "struts",
"scope": "eq",
"trust": 1.5,
"vendor": "apache",
"version": "2.3.15"
},
{
"model": "network performance analysis",
"scope": "eq",
"trust": 1.2,
"vendor": "cisco",
"version": "0"
},
{
"model": "mxe series media experience engines",
"scope": "eq",
"trust": 1.2,
"vendor": "cisco",
"version": "35000"
},
{
"model": "digital media manager",
"scope": "eq",
"trust": 1.2,
"vendor": "cisco",
"version": "0"
},
{
"model": "struts",
"scope": "eq",
"trust": 1.2,
"vendor": "apache",
"version": "2.5.9"
},
{
"model": "struts",
"scope": "eq",
"trust": 1.2,
"vendor": "apache",
"version": "2.5.6"
},
{
"model": "struts",
"scope": "eq",
"trust": 1.2,
"vendor": "apache",
"version": "2.5.4"
},
{
"model": "struts",
"scope": "eq",
"trust": 1.2,
"vendor": "apache",
"version": "2.5.3"
},
{
"model": "struts",
"scope": "eq",
"trust": 1.2,
"vendor": "apache",
"version": "2.3.33"
},
{
"model": "struts",
"scope": "eq",
"trust": 1.2,
"vendor": "apache",
"version": "2.3.28.1"
},
{
"model": "struts",
"scope": "eq",
"trust": 1.2,
"vendor": "apache",
"version": "2.3.24.3"
},
{
"model": "struts",
"scope": "eq",
"trust": 1.2,
"vendor": "apache",
"version": "2.3.24.2"
},
{
"model": "struts",
"scope": "eq",
"trust": 1.2,
"vendor": "apache",
"version": "2.3.24.1"
},
{
"model": "struts",
"scope": "eq",
"trust": 1.2,
"vendor": "apache",
"version": "2.3.20.3"
},
{
"model": "struts",
"scope": "eq",
"trust": 1.2,
"vendor": "apache",
"version": "2.3.20.2"
},
{
"model": "struts",
"scope": "eq",
"trust": 1.2,
"vendor": "apache",
"version": "2.3.20.1"
},
{
"model": "struts",
"scope": "eq",
"trust": 1.2,
"vendor": "apache",
"version": "2.3.16.3"
},
{
"model": "struts",
"scope": "eq",
"trust": 1.2,
"vendor": "apache",
"version": "2.3.16.2"
},
{
"model": "struts",
"scope": "eq",
"trust": 1.2,
"vendor": "apache",
"version": "2.3.16.1"
},
{
"model": "struts",
"scope": "eq",
"trust": 1.2,
"vendor": "apache",
"version": "2.3.15.3"
},
{
"model": "struts",
"scope": "eq",
"trust": 1.2,
"vendor": "apache",
"version": "2.3.15.2"
},
{
"model": "struts",
"scope": "eq",
"trust": 1.2,
"vendor": "apache",
"version": "2.3.15.1"
},
{
"model": "struts",
"scope": "eq",
"trust": 1.2,
"vendor": "apache",
"version": "2.3.14.3"
},
{
"model": "struts",
"scope": "eq",
"trust": 1.2,
"vendor": "apache",
"version": "2.3.14.2"
},
{
"model": "struts",
"scope": "eq",
"trust": 1.2,
"vendor": "apache",
"version": "2.3.14.1"
},
{
"model": "struts",
"scope": "eq",
"trust": 1.2,
"vendor": "apache",
"version": "2.3.14"
},
{
"model": "struts",
"scope": "ne",
"trust": 1.2,
"vendor": "apache",
"version": "2.3.34"
},
{
"model": "struts",
"scope": "eq",
"trust": 1.2,
"vendor": "apache",
"version": "2.2.3"
},
{
"model": "struts",
"scope": "eq",
"trust": 1.2,
"vendor": "apache",
"version": "2.1.8"
},
{
"model": "struts",
"scope": "eq",
"trust": 1.2,
"vendor": "apache",
"version": "2.1.6"
},
{
"model": "struts",
"scope": "eq",
"trust": 1.2,
"vendor": "apache",
"version": "2.1.5"
},
{
"model": "struts",
"scope": "eq",
"trust": 1.2,
"vendor": "apache",
"version": "2.1.2"
},
{
"model": "struts",
"scope": "eq",
"trust": 1.2,
"vendor": "apache",
"version": "2.1.4"
},
{
"model": "struts",
"scope": "eq",
"trust": 1.2,
"vendor": "apache",
"version": "2.1.3"
},
{
"model": "struts",
"scope": "lt",
"trust": 1.0,
"vendor": "apache",
"version": "2.5.13"
},
{
"model": "hosted collaboration solution",
"scope": "eq",
"trust": 1.0,
"vendor": "cisco",
"version": "10.5\\(1\\)"
},
{
"model": "hosted collaboration solution",
"scope": "eq",
"trust": 1.0,
"vendor": "cisco",
"version": "11.6\\(1\\)"
},
{
"model": "network performance analysis",
"scope": "eq",
"trust": 1.0,
"vendor": "cisco",
"version": null
},
{
"model": "hosted collaboration solution",
"scope": "eq",
"trust": 1.0,
"vendor": "cisco",
"version": "11.5\\(1\\)"
},
{
"model": "oncommand balance",
"scope": "eq",
"trust": 1.0,
"vendor": "netapp",
"version": null
},
{
"model": "struts",
"scope": "gte",
"trust": 1.0,
"vendor": "apache",
"version": "2.1.2"
},
{
"model": "digital media manager",
"scope": "eq",
"trust": 1.0,
"vendor": "cisco",
"version": null
},
{
"model": "struts",
"scope": "gte",
"trust": 1.0,
"vendor": "apache",
"version": "2.5.0"
},
{
"model": "media experience engine",
"scope": "eq",
"trust": 1.0,
"vendor": "cisco",
"version": "3.5.2"
},
{
"model": "video distribution suite for internet streaming",
"scope": "eq",
"trust": 1.0,
"vendor": "cisco",
"version": null
},
{
"model": "struts",
"scope": "lt",
"trust": 1.0,
"vendor": "apache",
"version": "2.3.34"
},
{
"model": "hosted collaboration solution",
"scope": "eq",
"trust": 1.0,
"vendor": "cisco",
"version": "11.0\\(1\\)"
},
{
"model": "media experience engine",
"scope": "eq",
"trust": 1.0,
"vendor": "cisco",
"version": "3.5"
},
{
"model": "struts",
"scope": "eq",
"trust": 0.9,
"vendor": "apache",
"version": "2.5.10.1"
},
{
"model": "struts",
"scope": "ne",
"trust": 0.9,
"vendor": "apache",
"version": "2.5.12"
},
{
"model": "struts",
"scope": "eq",
"trust": 0.9,
"vendor": "apache",
"version": "2.3.5"
},
{
"model": "struts",
"scope": "eq",
"trust": 0.9,
"vendor": "apache",
"version": "2.3.4"
},
{
"model": "struts",
"scope": "eq",
"trust": 0.9,
"vendor": "apache",
"version": "2.3.1"
},
{
"model": "video distribution suite for internet streaming",
"scope": "eq",
"trust": 0.9,
"vendor": "cisco",
"version": "0"
},
{
"model": "unified intelligent contact management enterprise",
"scope": "eq",
"trust": 0.9,
"vendor": "cisco",
"version": "0"
},
{
"model": "unified contact center enterprise",
"scope": "eq",
"trust": 0.9,
"vendor": "cisco",
"version": "0"
},
{
"model": "hosted collaboration solution for contact center",
"scope": "eq",
"trust": 0.9,
"vendor": "cisco",
"version": "0"
},
{
"model": "struts",
"scope": "eq",
"trust": 0.9,
"vendor": "apache",
"version": "2.5.12"
},
{
"model": "struts",
"scope": "eq",
"trust": 0.9,
"vendor": "apache",
"version": "2.5.11"
},
{
"model": "struts",
"scope": "ne",
"trust": 0.9,
"vendor": "apache",
"version": "2.5.13"
},
{
"model": null,
"scope": null,
"trust": 0.8,
"vendor": "apache struts",
"version": null
},
{
"model": "struts",
"scope": "lte",
"trust": 0.8,
"vendor": "apache",
"version": "2.1.2 from 2.3.33"
},
{
"model": "struts",
"scope": "lte",
"trust": 0.8,
"vendor": "apache",
"version": "2.5 from 2.5.12"
},
{
"model": "struts",
"scope": "eq",
"trust": 0.6,
"vendor": "apache",
"version": "2.3.41"
},
{
"model": "struts",
"scope": "eq",
"trust": 0.6,
"vendor": "apache",
"version": "2.2.11"
},
{
"model": "struts",
"scope": "eq",
"trust": 0.6,
"vendor": "apache",
"version": "2.2"
},
{
"model": "struts",
"scope": "eq",
"trust": 0.6,
"vendor": "apache",
"version": "2.1.1"
},
{
"model": "struts",
"scope": "eq",
"trust": 0.6,
"vendor": "apache",
"version": "2.3.1.2"
},
{
"model": "struts",
"scope": "eq",
"trust": 0.6,
"vendor": "apache",
"version": "2.3.1.1"
},
{
"model": "struts",
"scope": "eq",
"trust": 0.6,
"vendor": "apache",
"version": "2.2.3.1"
},
{
"model": "struts",
"scope": "eq",
"trust": 0.6,
"vendor": "apache",
"version": "2.2.1"
},
{
"model": "struts",
"scope": "eq",
"trust": 0.6,
"vendor": "apache",
"version": "2.1.8.1"
},
{
"model": "struts",
"scope": "eq",
"trust": 0.6,
"vendor": "apache",
"version": "2.2.1.1"
},
{
"model": "xstream",
"scope": "eq",
"trust": 0.3,
"vendor": "xstream",
"version": "0"
},
{
"model": "siebel applications",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "6.1"
},
{
"model": "flexcube private banking",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "2.1"
},
{
"model": "flexcube private banking",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "2.0"
},
{
"model": "struts",
"scope": "eq",
"trust": 0.3,
"vendor": "apache",
"version": "2.0.12"
},
{
"model": "struts",
"scope": "eq",
"trust": 0.3,
"vendor": "apache",
"version": "2.0.10"
},
{
"model": "struts",
"scope": "eq",
"trust": 0.3,
"vendor": "apache",
"version": "2.0"
},
{
"model": "struts",
"scope": "eq",
"trust": 0.3,
"vendor": "apache",
"version": "2.0.2"
},
{
"model": "struts",
"scope": "eq",
"trust": 0.3,
"vendor": "apache",
"version": "2.0.8"
},
{
"model": "struts",
"scope": "eq",
"trust": 0.3,
"vendor": "apache",
"version": "2.0.1"
},
{
"model": "video distribution suite for internet streaming vds-is",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "0"
},
{
"model": "struts",
"scope": "eq",
"trust": 0.3,
"vendor": "apache",
"version": "2.0.4"
},
{
"model": "struts",
"scope": "eq",
"trust": 0.3,
"vendor": "apache",
"version": "2.0.3"
},
{
"model": "struts",
"scope": "eq",
"trust": 0.3,
"vendor": "apache",
"version": "2.0.13"
},
{
"model": "struts",
"scope": "eq",
"trust": 0.3,
"vendor": "apache",
"version": "2.0.11"
},
{
"model": "struts",
"scope": "eq",
"trust": 0.3,
"vendor": "apache",
"version": "2.0.6"
},
{
"model": "struts",
"scope": "eq",
"trust": 0.3,
"vendor": "apache",
"version": "2.1"
},
{
"model": "struts",
"scope": "eq",
"trust": 0.3,
"vendor": "apache",
"version": "2.0.7"
},
{
"model": "struts",
"scope": "eq",
"trust": 0.3,
"vendor": "apache",
"version": "2.0.5"
},
{
"model": "struts",
"scope": "eq",
"trust": 0.3,
"vendor": "apache",
"version": "2.0.14"
},
{
"model": "struts",
"scope": "eq",
"trust": 0.3,
"vendor": "apache",
"version": "2.0.9"
}
],
"sources": [
{
"db": "CERT/CC",
"id": "VU#112992"
},
{
"db": "BID",
"id": "99562"
},
{
"db": "BID",
"id": "99563"
},
{
"db": "BID",
"id": "99484"
},
{
"db": "BID",
"id": "100612"
},
{
"db": "BID",
"id": "100611"
},
{
"db": "BID",
"id": "100609"
},
{
"db": "BID",
"id": "100829"
},
{
"db": "JVNDB",
"id": "JVNDB-2017-006931"
},
{
"db": "CNNVD",
"id": "CNNVD-201706-914"
},
{
"db": "NVD",
"id": "CVE-2017-9805"
}
]
},
"configurations": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/configurations#",
"children": {
"@container": "@list"
},
"cpe_match": {
"@container": "@list"
},
"data": {
"@container": "@list"
},
"nodes": {
"@container": "@list"
}
},
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"cpe_match": [
{
"cpe22Uri": "cpe:/a:apache:struts",
"vulnerable": true
}
],
"operator": "OR"
}
]
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2017-006931"
}
]
},
"credits": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/credits#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Yasser Zamani",
"sources": [
{
"db": "BID",
"id": "99562"
}
],
"trust": 0.3
},
"cve": "CVE-2017-9805",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "nvd@nist.gov",
"availabilityImpact": "PARTIAL",
"baseScore": 6.8,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 8.6,
"id": "CVE-2017-9805",
"impactScore": 6.4,
"integrityImpact": "PARTIAL",
"severity": "MEDIUM",
"trust": 1.1,
"vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
{
"acInsufInfo": null,
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "NVD",
"availabilityImpact": "COMPLETE",
"availabilityRequirement": "NOT DEFINED",
"baseScore": 10.0,
"collateralDamagePotential": "NOT DEFINED",
"confidentialityImpact": "COMPLETE",
"confidentialityRequirement": "NOT DEFINED",
"enviromentalScore": 8.3,
"exploitability": "FUNCTIONAL",
"exploitabilityScore": 10.0,
"id": "CVE-2017-9805",
"impactScore": 10.0,
"integrityImpact": "COMPLETE",
"integrityRequirement": "NOT DEFINED",
"obtainAllPrivilege": null,
"obtainOtherPrivilege": null,
"obtainUserPrivilege": null,
"remediationLevel": "OFFICIAL FIX",
"reportConfidence": "CONFIRMED",
"severity": "HIGH",
"targetDistribution": "HIGH",
"trust": 0.8,
"userInteractionRequired": null,
"vector_string": "AV:N/AC:L/Au:N/C:C/I:C/A:C",
"version": "2.0"
},
{
"acInsufInfo": null,
"accessComplexity": "Low",
"accessVector": "Network",
"authentication": "None",
"author": "IPA",
"availabilityImpact": "Partial",
"baseScore": 7.5,
"confidentialityImpact": "Partial",
"exploitabilityScore": null,
"id": "JVNDB-2017-006931",
"impactScore": null,
"integrityImpact": "Partial",
"obtainAllPrivilege": null,
"obtainOtherPrivilege": null,
"obtainUserPrivilege": null,
"severity": "High",
"trust": 0.8,
"userInteractionRequired": null,
"vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
"version": "2.0"
}
],
"cvssV3": [
{
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"author": "nvd@nist.gov",
"availabilityImpact": "HIGH",
"baseScore": 8.1,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"exploitabilityScore": 2.2,
"id": "CVE-2017-9805",
"impactScore": 5.9,
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"trust": 1.0,
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
{
"attackComplexity": "Low",
"attackVector": "Network",
"author": "IPA",
"availabilityImpact": "Low",
"baseScore": 7.3,
"baseSeverity": "High",
"confidentialityImpact": "Low",
"exploitabilityScore": null,
"id": "JVNDB-2017-006931",
"impactScore": null,
"integrityImpact": "Low",
"privilegesRequired": "None",
"scope": "Unchanged",
"trust": 0.8,
"userInteraction": "None",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L",
"version": "3.0"
}
],
"severity": [
{
"author": "nvd@nist.gov",
"id": "CVE-2017-9805",
"trust": 1.0,
"value": "HIGH"
},
{
"author": "NVD",
"id": "CVE-2017-9805",
"trust": 0.8,
"value": "HIGH"
},
{
"author": "IPA",
"id": "JVNDB-2017-006931",
"trust": 0.8,
"value": "High"
},
{
"author": "CNNVD",
"id": "CNNVD-201706-914",
"trust": 0.6,
"value": "HIGH"
},
{
"author": "VULMON",
"id": "CVE-2017-9805",
"trust": 0.1,
"value": "MEDIUM"
}
]
}
],
"sources": [
{
"db": "CERT/CC",
"id": "VU#112992"
},
{
"db": "VULMON",
"id": "CVE-2017-9805"
},
{
"db": "JVNDB",
"id": "JVNDB-2017-006931"
},
{
"db": "CNNVD",
"id": "CNNVD-201706-914"
},
{
"db": "NVD",
"id": "CVE-2017-9805"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "The REST Plugin in Apache Struts 2.1.1 through 2.3.x before 2.3.34 and 2.5.x before 2.5.13 uses an XStreamHandler with an instance of XStream for deserialization without any type filtering, which can lead to Remote Code Execution when deserializing XML payloads. Apache Struts 2 framework, versions 2.5 to 2.5.12, with REST plugin insecurely deserializes untrusted XML data. A remote, unauthenticated attacker can leverage this vulnerability to execute arbitrary code in the context of the Struts application. Apache Struts2 Contains a vulnerability that allows arbitrary code execution (S2-052) Exists. \nAn attacker can exploit this issue to cause a denial-of-service condition, denying service to legitimate users. Apache Struts is prone to a remote code-execution vulnerability. Failed exploit attempts will likely result in denial-of-service conditions. \nApache Struts 2.1.2 through 2.3.33 and 2.5 through 2.5.12 are vulnerable",
"sources": [
{
"db": "NVD",
"id": "CVE-2017-9805"
},
{
"db": "CERT/CC",
"id": "VU#112992"
},
{
"db": "JVNDB",
"id": "JVNDB-2017-006931"
},
{
"db": "BID",
"id": "99562"
},
{
"db": "BID",
"id": "99563"
},
{
"db": "BID",
"id": "99484"
},
{
"db": "BID",
"id": "100612"
},
{
"db": "BID",
"id": "100611"
},
{
"db": "BID",
"id": "100609"
},
{
"db": "BID",
"id": "100829"
},
{
"db": "VULMON",
"id": "CVE-2017-9805"
}
],
"trust": 4.32
},
"exploit_availability": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/exploit_availability#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"reference": "https://www.kb.cert.org/vuls/id/112992",
"trust": 0.8,
"type": "unknown"
},
{
"reference": "https://vulmon.com/exploitdetails?qidtp=exploitdb\u0026qid=42627",
"trust": 0.1,
"type": "exploit"
}
],
"sources": [
{
"db": "CERT/CC",
"id": "VU#112992"
},
{
"db": "VULMON",
"id": "CVE-2017-9805"
}
]
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2017-9805",
"trust": 5.4
},
{
"db": "CERT/CC",
"id": "VU#112992",
"trust": 3.5
},
{
"db": "BID",
"id": "100609",
"trust": 1.9
},
{
"db": "SECTRACK",
"id": "1039263",
"trust": 1.6
},
{
"db": "EXPLOIT-DB",
"id": "42627",
"trust": 1.6
},
{
"db": "JVN",
"id": "JVNVU92761484",
"trust": 0.8
},
{
"db": "JVNDB",
"id": "JVNDB-2017-006931",
"trust": 0.8
},
{
"db": "CNNVD",
"id": "CNNVD-201706-914",
"trust": 0.6
},
{
"db": "BID",
"id": "99562",
"trust": 0.3
},
{
"db": "BID",
"id": "99563",
"trust": 0.3
},
{
"db": "BID",
"id": "99484",
"trust": 0.3
},
{
"db": "BID",
"id": "100612",
"trust": 0.3
},
{
"db": "BID",
"id": "100611",
"trust": 0.3
},
{
"db": "BID",
"id": "100829",
"trust": 0.3
},
{
"db": "VULMON",
"id": "CVE-2017-9805",
"trust": 0.1
}
],
"sources": [
{
"db": "CERT/CC",
"id": "VU#112992"
},
{
"db": "VULMON",
"id": "CVE-2017-9805"
},
{
"db": "BID",
"id": "99562"
},
{
"db": "BID",
"id": "99563"
},
{
"db": "BID",
"id": "99484"
},
{
"db": "BID",
"id": "100612"
},
{
"db": "BID",
"id": "100611"
},
{
"db": "BID",
"id": "100609"
},
{
"db": "BID",
"id": "100829"
},
{
"db": "JVNDB",
"id": "JVNDB-2017-006931"
},
{
"db": "CNNVD",
"id": "CNNVD-201706-914"
},
{
"db": "NVD",
"id": "CVE-2017-9805"
}
]
},
"id": "VAR-201709-1229",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "VARIoT devices database",
"id": null
}
],
"trust": 0.29166666
},
"last_update_date": "2024-11-27T22:39:42.649000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "Announcements - 05 September 2017 - Struts 2.5.13 General Availability",
"trust": 0.8,
"url": "https://struts.apache.org/announce.html"
},
{
"title": "S2-050: A regular expression Denial of Service when using URLValidator (similar to S2-044 \u0026 S2-047)",
"trust": 0.8,
"url": "https://struts.apache.org/docs/s2-050.html"
},
{
"title": "S2-051: A remote attacker may create a DoS attack by sending crafted xml request when using the Struts REST plugin",
"trust": 0.8,
"url": "https://struts.apache.org/docs/s2-051.html"
},
{
"title": "S2-052: Possible Remote Code Execution attack when using the Struts REST plugin with XStream handler to handle XML payloads",
"trust": 0.8,
"url": "https://cwiki.apache.org/confluence/display/WW/S2-052"
},
{
"title": "Apache Struts REST plugin Fixes for code issue vulnerabilities",
"trust": 0.6,
"url": "http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=96764"
},
{
"title": "Red Hat: CVE-2017-9805",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=red_hat_cve_database\u0026qid=CVE-2017-9805"
},
{
"title": "Cisco: Multiple Vulnerabilities in Apache Struts 2 Affecting Cisco Products: September 2017",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=cisco_security_advisories_and_alerts_ciscoproducts\u0026qid=cisco-sa-20170907-struts2"
},
{
"title": "Brocade Security Advisories: BSA-2017-427",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=brocade_security_advisories\u0026qid=a001b1600f58e0e70253dc5b53eaa134"
},
{
"title": "Oracle: Oracle Security Alert Advisory - CVE-2017-9805",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=oracle_advisories\u0026qid=6b1cb2cef1b849b4466dd22ab18f80c9"
},
{
"title": "Oracle: Oracle Critical Patch Update Advisory - October 2017",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=oracle_advisories\u0026qid=523d3f220a64ff01dd95e064bd37566a"
},
{
"title": "S2-052",
"trust": 0.1,
"url": "https://github.com/iBearcat/S2-052 "
}
],
"sources": [
{
"db": "VULMON",
"id": "CVE-2017-9805"
},
{
"db": "JVNDB",
"id": "JVNDB-2017-006931"
},
{
"db": "CNNVD",
"id": "CNNVD-201706-914"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-502",
"trust": 1.0
}
],
"sources": [
{
"db": "NVD",
"id": "CVE-2017-9805"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 2.7,
"url": "https://struts.apache.org/docs/s2-052.html"
},
{
"trust": 2.7,
"url": "https://www.kb.cert.org/vuls/id/112992"
},
{
"trust": 2.5,
"url": "https://tools.cisco.com/security/center/content/ciscosecurityadvisory/cisco-sa-20170907-struts2"
},
{
"trust": 2.4,
"url": "https://lgtm.com/blog/apache_struts_cve-2017-9805"
},
{
"trust": 2.1,
"url": "http://struts.apache.org/"
},
{
"trust": 2.1,
"url": "http://www.oracle.com/technetwork/security-advisory/cve-2017-9805-products-3905487.html"
},
{
"trust": 1.9,
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1488482"
},
{
"trust": 1.6,
"url": "http://www.securitytracker.com/id/1039263"
},
{
"trust": 1.6,
"url": "https://security.netapp.com/advisory/ntap-20170907-0001/"
},
{
"trust": 1.6,
"url": "http://www.securityfocus.com/bid/100609"
},
{
"trust": 1.6,
"url": "https://blogs.apache.org/foundation/entry/apache-struts-statement-on-equifax"
},
{
"trust": 1.6,
"url": "http://www.oracle.com/technetwork/security-advisory/alert-cve-2017-9805-3889403.html"
},
{
"trust": 1.6,
"url": "https://www.exploit-db.com/exploits/42627/"
},
{
"trust": 1.6,
"url": "https://cwiki.apache.org/confluence/display/ww/s2-052"
},
{
"trust": 1.2,
"url": "http://httpd.apache.org/"
},
{
"trust": 0.8,
"url": "https://cwe.mitre.org/data/definitions/502.html"
},
{
"trust": 0.8,
"url": "https://github.com/rapid7/metasploit-framework/pull/8924/files"
},
{
"trust": 0.8,
"url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2017-9805"
},
{
"trust": 0.8,
"url": "https://www.jpcert.or.jp/at/2017/at170033.html"
},
{
"trust": 0.8,
"url": "http://jvn.jp/vu/jvnvu92761484/index.html"
},
{
"trust": 0.6,
"url": "http://www.apache.org/"
},
{
"trust": 0.3,
"url": "http://struts.apache.org/docs/s2-049.html"
},
{
"trust": 0.3,
"url": "http://struts.apache.org/docs/s2-047.html"
},
{
"trust": 0.3,
"url": "http://struts.apache.org/announce.html#a20170707"
},
{
"trust": 0.3,
"url": "http://struts.apache.org/docs/s2-048.html"
},
{
"trust": 0.3,
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1488491"
},
{
"trust": 0.3,
"url": "https://access.redhat.com/security/cve/cve-2017-9804"
},
{
"trust": 0.3,
"url": "https://struts.apache.org/docs/s2-050.html"
},
{
"trust": 0.3,
"url": "https://struts.apache.org/docs/s2-051.html"
},
{
"trust": 0.3,
"url": "https://access.redhat.com/security/cve/cve-2017-9793"
},
{
"trust": 0.3,
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1488481"
},
{
"trust": 0.3,
"url": "https://lgtm.com/blog/apache_struts_cve-2017-9805_announcement"
},
{
"trust": 0.3,
"url": "https://struts.apache.org/docs/version-notes-2513.html"
},
{
"trust": 0.3,
"url": "https://access.redhat.com/security/cve/cve-2017-9805"
},
{
"trust": 0.3,
"url": "https://struts.apache.org/docs/s2-053.html"
},
{
"trust": 0.3,
"url": "https://tools.cisco.com/security/center/content/ciscosecurityadvisory/cisco-sa-20170909-struts2-rce"
},
{
"trust": 0.3,
"url": "https://access.redhat.com/security/cve/cve-2017-12611"
}
],
"sources": [
{
"db": "CERT/CC",
"id": "VU#112992"
},
{
"db": "BID",
"id": "99562"
},
{
"db": "BID",
"id": "99563"
},
{
"db": "BID",
"id": "99484"
},
{
"db": "BID",
"id": "100612"
},
{
"db": "BID",
"id": "100611"
},
{
"db": "BID",
"id": "100609"
},
{
"db": "BID",
"id": "100829"
},
{
"db": "JVNDB",
"id": "JVNDB-2017-006931"
},
{
"db": "CNNVD",
"id": "CNNVD-201706-914"
},
{
"db": "NVD",
"id": "CVE-2017-9805"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "CERT/CC",
"id": "VU#112992"
},
{
"db": "VULMON",
"id": "CVE-2017-9805"
},
{
"db": "BID",
"id": "99562"
},
{
"db": "BID",
"id": "99563"
},
{
"db": "BID",
"id": "99484"
},
{
"db": "BID",
"id": "100612"
},
{
"db": "BID",
"id": "100611"
},
{
"db": "BID",
"id": "100609"
},
{
"db": "BID",
"id": "100829"
},
{
"db": "JVNDB",
"id": "JVNDB-2017-006931"
},
{
"db": "CNNVD",
"id": "CNNVD-201706-914"
},
{
"db": "NVD",
"id": "CVE-2017-9805"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2017-09-06T00:00:00",
"db": "CERT/CC",
"id": "VU#112992"
},
{
"date": "2017-09-15T00:00:00",
"db": "VULMON",
"id": "CVE-2017-9805"
},
{
"date": "2017-07-13T00:00:00",
"db": "BID",
"id": "99562"
},
{
"date": "2017-07-13T00:00:00",
"db": "BID",
"id": "99563"
},
{
"date": "2017-07-07T00:00:00",
"db": "BID",
"id": "99484"
},
{
"date": "2017-09-05T00:00:00",
"db": "BID",
"id": "100612"
},
{
"date": "2017-09-05T00:00:00",
"db": "BID",
"id": "100611"
},
{
"date": "2017-09-05T00:00:00",
"db": "BID",
"id": "100609"
},
{
"date": "2017-09-07T00:00:00",
"db": "BID",
"id": "100829"
},
{
"date": "2017-09-07T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2017-006931"
},
{
"date": "2017-06-22T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201706-914"
},
{
"date": "2017-09-15T19:29:00.237000",
"db": "NVD",
"id": "CVE-2017-9805"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2017-09-06T00:00:00",
"db": "CERT/CC",
"id": "VU#112992"
},
{
"date": "2019-08-12T00:00:00",
"db": "VULMON",
"id": "CVE-2017-9805"
},
{
"date": "2017-09-27T15:00:00",
"db": "BID",
"id": "99562"
},
{
"date": "2017-09-27T15:00:00",
"db": "BID",
"id": "99563"
},
{
"date": "2017-09-27T15:00:00",
"db": "BID",
"id": "99484"
},
{
"date": "2017-09-27T15:00:00",
"db": "BID",
"id": "100612"
},
{
"date": "2017-09-27T15:00:00",
"db": "BID",
"id": "100611"
},
{
"date": "2017-09-27T10:00:00",
"db": "BID",
"id": "100609"
},
{
"date": "2017-09-27T15:00:00",
"db": "BID",
"id": "100829"
},
{
"date": "2017-09-08T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2017-006931"
},
{
"date": "2019-08-15T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201706-914"
},
{
"date": "2024-11-21T03:36:53.557000",
"db": "NVD",
"id": "CVE-2017-9805"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "network",
"sources": [
{
"db": "BID",
"id": "99562"
},
{
"db": "BID",
"id": "99563"
},
{
"db": "BID",
"id": "99484"
},
{
"db": "BID",
"id": "100612"
},
{
"db": "BID",
"id": "100611"
},
{
"db": "BID",
"id": "100609"
},
{
"db": "BID",
"id": "100829"
}
],
"trust": 2.1
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Apache Struts 2 framework REST plugin insecurely deserializes untrusted XML data",
"sources": [
{
"db": "CERT/CC",
"id": "VU#112992"
}
],
"trust": 0.8
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Failure to Handle Exceptional Conditions",
"sources": [
{
"db": "BID",
"id": "99562"
},
{
"db": "BID",
"id": "99563"
},
{
"db": "BID",
"id": "100612"
},
{
"db": "BID",
"id": "100611"
}
],
"trust": 1.2
}
}
cve-2022-40151
Vulnerability from cvelistv5
Published
2022-09-16 10:00
Modified
2024-09-16 16:37
Severity ?
EPSS score ?
Summary
Stack Buffer Overflow in xstream
References
| ▼ | URL | Tags |
|---|---|---|
| https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=47367 | x_refsource_MISC | |
| https://github.com/x-stream/xstream/issues/304 | x_refsource_MISC |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T12:14:39.684Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=47367"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/x-stream/xstream/issues/304"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "xstream",
"vendor": "xstream",
"versions": [
{
"lessThanOrEqual": "1.4.19",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
}
]
}
],
"datePublic": "2022-08-07T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Those using Xstream to seralize XML data may be vulnerable to Denial of Service attacks (DOS). If the parser is running on user supplied input, an attacker may supply content that causes the parser to crash by stackoverflow. This effect may support a denial of service attack."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-121",
"description": "CWE-121 Stack-based Buffer Overflow",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2022-09-16T10:00:20",
"orgId": "14ed7db2-1595-443d-9d34-6215bf890778",
"shortName": "Google"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=47367"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/x-stream/xstream/issues/304"
}
],
"source": {
"discovery": "INTERNAL"
},
"title": "Stack Buffer Overflow in xstream",
"x_generator": {
"engine": "Vulnogram 0.0.9"
},
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "security@google.com",
"DATE_PUBLIC": "2022-08-07T22:00:00.000Z",
"ID": "CVE-2022-40151",
"STATE": "PUBLIC",
"TITLE": "Stack Buffer Overflow in xstream"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "xstream",
"version": {
"version_data": [
{
"version_affected": "\u003c=",
"version_value": "1.4.19"
}
]
}
}
]
},
"vendor_name": "xstream"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Those using Xstream to seralize XML data may be vulnerable to Denial of Service attacks (DOS). If the parser is running on user supplied input, an attacker may supply content that causes the parser to crash by stackoverflow. This effect may support a denial of service attack."
}
]
},
"generator": {
"engine": "Vulnogram 0.0.9"
},
"impact": {
"cvss": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-121 Stack-based Buffer Overflow"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=47367",
"refsource": "MISC",
"url": "https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=47367"
},
{
"name": "https://github.com/x-stream/xstream/issues/304",
"refsource": "MISC",
"url": "https://github.com/x-stream/xstream/issues/304"
}
]
},
"source": {
"discovery": "INTERNAL"
}
}
}
},
"cveMetadata": {
"assignerOrgId": "14ed7db2-1595-443d-9d34-6215bf890778",
"assignerShortName": "Google",
"cveId": "CVE-2022-40151",
"datePublished": "2022-09-16T10:00:20.584204Z",
"dateReserved": "2022-09-07T00:00:00",
"dateUpdated": "2024-09-16T16:37:30.045Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2019-10173
Vulnerability from cvelistv5
Published
2019-07-23 12:50
Modified
2024-08-04 22:10
Severity ?
EPSS score ?
Summary
It was found that xstream API version 1.4.10 before 1.4.11 introduced a regression for a previous deserialization flaw. If the security framework has not been initialized, it may allow a remote attacker to run arbitrary shell commands when unmarshalling XML or any supported format. e.g. JSON. (regression of CVE-2013-7285)
References
| ▼ | URL | Tags |
|---|---|---|
| https://access.redhat.com/errata/RHSA-2019:3892 | vendor-advisory, x_refsource_REDHAT | |
| https://access.redhat.com/errata/RHSA-2019:4352 | vendor-advisory, x_refsource_REDHAT | |
| https://access.redhat.com/errata/RHSA-2020:0445 | vendor-advisory, x_refsource_REDHAT | |
| https://access.redhat.com/errata/RHSA-2020:0727 | vendor-advisory, x_refsource_REDHAT | |
| https://www.oracle.com/security-alerts/cpuapr2020.html | x_refsource_MISC | |
| https://www.oracle.com/security-alerts/cpuoct2020.html | x_refsource_MISC | |
| https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2019-10173 | x_refsource_CONFIRM | |
| http://x-stream.github.io/changes.html#1.4.11 | x_refsource_MISC | |
| https://www.oracle.com/security-alerts/cpujan2021.html | x_refsource_MISC | |
| https://www.oracle.com/security-alerts/cpuApr2021.html | x_refsource_MISC | |
| https://www.oracle.com//security-alerts/cpujul2021.html | x_refsource_MISC |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T22:10:10.018Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "RHSA-2019:3892",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "https://access.redhat.com/errata/RHSA-2019:3892"
},
{
"name": "RHSA-2019:4352",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "https://access.redhat.com/errata/RHSA-2019:4352"
},
{
"name": "RHSA-2020:0445",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "https://access.redhat.com/errata/RHSA-2020:0445"
},
{
"name": "RHSA-2020:0727",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "https://access.redhat.com/errata/RHSA-2020:0727"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.oracle.com/security-alerts/cpuapr2020.html"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.oracle.com/security-alerts/cpuoct2020.html"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2019-10173"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://x-stream.github.io/changes.html#1.4.11"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.oracle.com/security-alerts/cpujan2021.html"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.oracle.com/security-alerts/cpuApr2021.html"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.oracle.com//security-alerts/cpujul2021.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "xstream",
"vendor": "xstream",
"versions": [
{
"status": "affected",
"version": "fixed in 1.4.11"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "It was found that xstream API version 1.4.10 before 1.4.11 introduced a regression for a previous deserialization flaw. If the security framework has not been initialized, it may allow a remote attacker to run arbitrary shell commands when unmarshalling XML or any supported format. e.g. JSON. (regression of CVE-2013-7285)"
}
],
"metrics": [
{
"cvssV3_0": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 7.3,
"baseSeverity": "HIGH",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L",
"version": "3.0"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-94",
"description": "CWE-94",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2021-07-20T22:53:25",
"orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"shortName": "redhat"
},
"references": [
{
"name": "RHSA-2019:3892",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2019:3892"
},
{
"name": "RHSA-2019:4352",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2019:4352"
},
{
"name": "RHSA-2020:0445",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2020:0445"
},
{
"name": "RHSA-2020:0727",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2020:0727"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.oracle.com/security-alerts/cpuapr2020.html"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.oracle.com/security-alerts/cpuoct2020.html"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2019-10173"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://x-stream.github.io/changes.html#1.4.11"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.oracle.com/security-alerts/cpujan2021.html"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.oracle.com/security-alerts/cpuApr2021.html"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.oracle.com//security-alerts/cpujul2021.html"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "secalert@redhat.com",
"ID": "CVE-2019-10173",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "xstream",
"version": {
"version_data": [
{
"version_value": "fixed in 1.4.11"
}
]
}
}
]
},
"vendor_name": "xstream"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "It was found that xstream API version 1.4.10 before 1.4.11 introduced a regression for a previous deserialization flaw. If the security framework has not been initialized, it may allow a remote attacker to run arbitrary shell commands when unmarshalling XML or any supported format. e.g. JSON. (regression of CVE-2013-7285)"
}
]
},
"impact": {
"cvss": [
[
{
"vectorString": "7.3/CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L",
"version": "3.0"
}
]
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-94"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "RHSA-2019:3892",
"refsource": "REDHAT",
"url": "https://access.redhat.com/errata/RHSA-2019:3892"
},
{
"name": "RHSA-2019:4352",
"refsource": "REDHAT",
"url": "https://access.redhat.com/errata/RHSA-2019:4352"
},
{
"name": "RHSA-2020:0445",
"refsource": "REDHAT",
"url": "https://access.redhat.com/errata/RHSA-2020:0445"
},
{
"name": "RHSA-2020:0727",
"refsource": "REDHAT",
"url": "https://access.redhat.com/errata/RHSA-2020:0727"
},
{
"name": "https://www.oracle.com/security-alerts/cpuapr2020.html",
"refsource": "MISC",
"url": "https://www.oracle.com/security-alerts/cpuapr2020.html"
},
{
"name": "https://www.oracle.com/security-alerts/cpuoct2020.html",
"refsource": "MISC",
"url": "https://www.oracle.com/security-alerts/cpuoct2020.html"
},
{
"name": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2019-10173",
"refsource": "CONFIRM",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2019-10173"
},
{
"name": "http://x-stream.github.io/changes.html#1.4.11",
"refsource": "MISC",
"url": "http://x-stream.github.io/changes.html#1.4.11"
},
{
"name": "https://www.oracle.com/security-alerts/cpujan2021.html",
"refsource": "MISC",
"url": "https://www.oracle.com/security-alerts/cpujan2021.html"
},
{
"name": "https://www.oracle.com/security-alerts/cpuApr2021.html",
"refsource": "MISC",
"url": "https://www.oracle.com/security-alerts/cpuApr2021.html"
},
{
"name": "https://www.oracle.com//security-alerts/cpujul2021.html",
"refsource": "MISC",
"url": "https://www.oracle.com//security-alerts/cpujul2021.html"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"assignerShortName": "redhat",
"cveId": "CVE-2019-10173",
"datePublished": "2019-07-23T12:50:44",
"dateReserved": "2019-03-27T00:00:00",
"dateUpdated": "2024-08-04T22:10:10.018Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}