Notre sélection d'alertes et avis SSI.
Sources : US Cert, Cert EU, Cert FR, Cnil, VulDB.

jeudi 7 septembre 2017

Remote Code Execution Attack Against Apache Struts REST Plugin (CERT-EU Security Advisory 2017-017)

On August 16th 2017, a new vulnerability affecting Apache Struts 2 (CVE-2017-9805) was published. This vulnerability allows remote code execution attacks, when the Struts REST plugin is used with XStreamHandler to handle XML payloads. It is important to note that the code that exploits the vulnerability has been released through Metasploit.

Lien vers l'article source

Auteur: Cert EU

Catégories: CertEUNombre de vues: 260

x

Événements SSI