CVE-2017-9793

Name of the Vulnerable Software and Affected Versions: Apache Struts versions 2.1.x, 2.3.7 through 2.3.33, 2.5 through 2.5.12

Description: The issue is related to insufficient input validation in the struts2-core library of the Apache Struts platform. It allows a remote attacker to cause a denial of service using specially crafted XML files. The REST Plugin in Apache Struts uses an outdated XStream library, which is vulnerable and can be exploited to perform a denial of service attack using a malicious request with a specially crafted XML payload.

Recommendations: For Apache Struts versions 2.1.x, update to a version that uses an updated XStream library to prevent exploitation. For Apache Struts versions 2.3.7 through 2.3.33, update to a version that uses an updated XStream library to prevent exploitation. For Apache Struts versions 2.5 through 2.5.12, update to a version that uses an updated XStream library to prevent exploitation. As a temporary workaround, consider restricting access to the REST Plugin until a patch is available.