VYPR
Critical severity9.8CISA KEVNVD Advisory· Published Jul 10, 2017· Updated Jun 17, 2026

CVE-2017-9791

CVE-2017-9791

Description

The Struts 1 plugin in Apache Struts 2.1.x and 2.3.x might allow remote code execution via a malicious field value passed in a raw message to the ActionMessage.

AI Insight

LLM-synthesized narrative grounded in this CVE's description and references.

Affected packages

Versions sourced from the GitHub Security Advisory.

PackageAffected versionsPatched versions
org.apache.struts:struts2-struts1-pluginMaven
<= 2.3.37

Affected products

34
  • Apache/Struts33 versions
    cpe:2.3:a:apache:struts:2.3.1:*:*:*:*:*:*:*+ 32 more
    • cpe:2.3:a:apache:struts:2.3.1:*:*:*:*:*:*:*
    • cpe:2.3:a:apache:struts:2.3.1.1:*:*:*:*:*:*:*
    • cpe:2.3:a:apache:struts:2.3.1.2:*:*:*:*:*:*:*
    • cpe:2.3:a:apache:struts:2.3.12:*:*:*:*:*:*:*
    • cpe:2.3:a:apache:struts:2.3.14:*:*:*:*:*:*:*
    • cpe:2.3:a:apache:struts:2.3.14.1:*:*:*:*:*:*:*
    • cpe:2.3:a:apache:struts:2.3.14.2:*:*:*:*:*:*:*
    • cpe:2.3:a:apache:struts:2.3.14.3:*:*:*:*:*:*:*
    • cpe:2.3:a:apache:struts:2.3.15:*:*:*:*:*:*:*
    • cpe:2.3:a:apache:struts:2.3.15.1:*:*:*:*:*:*:*
    • cpe:2.3:a:apache:struts:2.3.15.2:*:*:*:*:*:*:*
    • cpe:2.3:a:apache:struts:2.3.15.3:*:*:*:*:*:*:*
    • cpe:2.3:a:apache:struts:2.3.16:*:*:*:*:*:*:*
    • cpe:2.3:a:apache:struts:2.3.16.1:*:*:*:*:*:*:*
    • cpe:2.3:a:apache:struts:2.3.16.2:*:*:*:*:*:*:*
    • cpe:2.3:a:apache:struts:2.3.16.3:*:*:*:*:*:*:*
    • cpe:2.3:a:apache:struts:2.3.20:*:*:*:*:*:*:*
    • cpe:2.3:a:apache:struts:2.3.20.1:*:*:*:*:*:*:*
    • cpe:2.3:a:apache:struts:2.3.20.3:*:*:*:*:*:*:*
    • cpe:2.3:a:apache:struts:2.3.24:*:*:*:*:*:*:*
    • cpe:2.3:a:apache:struts:2.3.24.1:*:*:*:*:*:*:*
    • cpe:2.3:a:apache:struts:2.3.24.3:*:*:*:*:*:*:*
    • cpe:2.3:a:apache:struts:2.3.28:*:*:*:*:*:*:*
    • cpe:2.3:a:apache:struts:2.3.28.1:*:*:*:*:*:*:*
    • cpe:2.3:a:apache:struts:2.3.29:*:*:*:*:*:*:*
    • cpe:2.3:a:apache:struts:2.3.3:*:*:*:*:*:*:*
    • cpe:2.3:a:apache:struts:2.3.30:*:*:*:*:*:*:*
    • cpe:2.3:a:apache:struts:2.3.31:*:*:*:*:*:*:*
    • cpe:2.3:a:apache:struts:2.3.32:*:*:*:*:*:*:*
    • cpe:2.3:a:apache:struts:2.3.4:*:*:*:*:*:*:*
    • cpe:2.3:a:apache:struts:2.3.4.1:*:*:*:*:*:*:*
    • cpe:2.3:a:apache:struts:2.3.7:*:*:*:*:*:*:*
    • cpe:2.3:a:apache:struts:2.3.8:*:*:*:*:*:*:*

Patches

Vulnerability mechanics

References

14

News mentions

0

No linked articles in our index yet.