1. Symantec/
  2. Security Response/
  3. Attack Signatures/
  4. Attack: Apache Struts CVE 2017 9805 2

Attack: Apache Struts CVE 2017 9805 2

Severity: High

This attack could pose a serious security threat. You should take immediate action to stop any damage or prevent further damage from happening.


This signature detects attempts to exploits Apache Struts Remote Code Execution Vulnerability.

Additional Information

Apache Struts is a framework for building Web applications.

Apache Struts is prone to a remote code-execution vulnerability that exists in the REST Plugin because it fails to properly type filter XStreamHandler with an instance of XStream during deserialization. Specifically, this issue occurs when deserializing specially-crafted XML payloads.

Successfully exploiting this issue may allow an attacker to execute arbitrary code in the context of the affected application. Failed exploit attempts will likely result in denial-of-service conditions.


  • Apache Struts 2.5 through 2.5.12 are vulnerable.
  • Twitter
  • Facebook
  • LinkedIn
  • Google+
  • YouTube