Signature Detail

HTTP: Apache Struts 2 REST Plugin XStream Denial of Service

This signature detects attempts to exploit a known vulnerability in the Apache Struts 2 REST plugin. Successful exploitation will cause the application server to terminate, resulting in a denial-of-service condition.

Extended Description

The REST Plugin in Apache Struts 2.1.x, 2.3.7 through 2.3.33 and 2.5 through 2.5.12 is using an outdated XStream library which is vulnerable and allow perform a DoS attack using malicious request with specially crafted XML payload.

Affected Products

• Apache struts 2.3.10
• Apache struts 2.3.11
• Apache struts 2.3.12
• Apache struts 2.3.13
• Apache struts 2.3.14
• Apache struts 2.3.14.1
• Apache struts 2.3.14.2
• Apache struts 2.3.14.3
• Apache struts 2.3.15
• Apache struts 2.3.15.1
• Apache struts 2.3.15.2
• Apache struts 2.3.15.3
• Apache struts 2.3.16
• Apache struts 2.3.16.1
• Apache struts 2.3.16.2
• Apache struts 2.3.16.3
• Apache struts 2.3.17
• Apache struts 2.3.19
• Apache struts 2.3.20
• Apache struts 2.3.20.1
• Apache struts 2.3.20.2
• Apache struts 2.3.21
• Apache struts 2.3.22
• Apache struts 2.3.23
• Apache struts 2.3.24.2
• Apache struts 2.3.24.3
• Apache struts 2.3.25
• Apache struts 2.3.26
• Apache struts 2.3.27
• Apache struts 2.3.28
• Apache struts 2.3.28.1
• Apache struts 2.3.29
• Apache struts 2.3.30
• Apache struts 2.3.31
• Apache struts 2.3.32
• Apache struts 2.3.33
• Apache struts 2.3.7
• Apache struts 2.3.8
• Apache struts 2.3.9
• Apache struts 2.5
• Apache struts 2.5.1
• Apache struts 2.5.10
• Apache struts 2.5.10.1
• Apache struts 2.5.12
• Apache struts 2.5.2
• Apache struts 2.5.3
• Apache struts 2.5.4
• Apache struts 2.5.5
• Apache struts 2.5.6
• Apache struts 2.5.7
• Apache struts 2.5.8
• Apache struts 2.5.9

References

• CVE: CVE-2017-9793