Exploit for #VU8111 Deserialization of untrusted data in Apache Struts
Vulnerability identifier: #VU8111
Vulnerability risk: High
CVSSv3.1: 8.6 [CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:H/E:H/RL:O/RC:C]
CVE-ID:
CWE-ID:
CWE-502
Exploitation vector: Network
Exploits in database: 20
- April 6, 2021
- November 30, 2020
- September 25, 2020
- S2-052 (CVE-2017-9805 - Exploit) [Github]
- July 15, 2020
- June 2, 2020
- May 18, 2020
- April 7, 2020
- exphub (Exphub[漏洞利用脚本库] 包括Webloigc、Struts2、Tomcat、Nexus、Solr、Jboss、Drupal的漏洞利用脚本,最新添加CVE-2020-14882、CVE-2020-11444、CVE-2020-10204、CVE-2020-10199、CVE-2020-1938、CVE-2020-2551、CVE-2020-2555、CVE-2020-2883、CVE-2019-17558、CVE-2019-6340) [Github]
- Exploits (Containing Self Made Perl Reproducers / PoC Codes) [Github]
- April 5, 2020
- March 18, 2020
- cve5scan (5 CVE scan and exploit) [Github]
- -CVE-2017-9805 (Exploit script for Apache Struts2 REST Plugin XStream RCE (CVE-2017-9805)) [Github]
- Alien-Framework (Alien-Framework, it is a framework with many CVE exploits and tools to use in pen-testing.) [Github]
- apache-struts-pwn_CVE-2017-9805 (An exploit for Apache Struts CVE-2017-9805) [Github]
- Apache Struts 2 REST Plugin XStream RCE [Metasploit]
- Apache Struts 2.5 < 2.5.12 - REST Plugin XStream Remote Code Execution [Exploit-DB]
- CVE-in-Ruby (Exploits written & ported to Ruby - no Metasploit) [Github]
- cve-2017-9805.py (Better Exploit Code For CVE 2017 9805 apache struts) [Github]
- struts-pwn_CVE-2017-9805 (An exploit for Apache Struts CVE-2017-9805) [Github]
- S2-052 (CVE-2017-9805 - Exploit) [Github]
Impact: Code execution
Vulnerable software:
Apache Struts
Server applications /
Frameworks for developing and running applications
Vendor: Apache Foundation
