{"id":"CVE-2017-9791","details":"The Struts 1 plugin in Apache Struts 2.1.x and 2.3.x might allow remote code execution via a malicious field value passed in a raw message to the ActionMessage.","aliases":["GHSA-29rm-6752-gvwv"],"modified":"2026-04-10T04:02:44.381840Z","published":"2017-07-10T16:29:00.277Z","references":[{"type":"WEB","url":"https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2017-9791"},{"type":"ADVISORY","url":"http://struts.apache.org/docs/s2-048.html"},{"type":"ADVISORY","url":"http://www.securityfocus.com/bid/99484"},{"type":"ADVISORY","url":"http://www.securitytracker.com/id/1038838"},{"type":"ADVISORY","url":"https://security.netapp.com/advisory/ntap-20180706-0002/"},{"type":"ADVISORY","url":"https://www.exploit-db.com/exploits/42324/"},{"type":"ADVISORY","url":"https://www.exploit-db.com/exploits/44643/"},{"type":"FIX","url":"http://www.oracle.com/technetwork/security-advisory/alert-cve-2017-9805-3889403.html"}],"affected":[{"ranges":[{"type":"GIT","repo":"https://github.com/apache/struts","events":[{"introduced":"0"},{"last_affected":"e5009a34202777b53c5dc36e020d0033aa8be027"},{"introduced":"0"},{"last_affected":"7d7d3fc42b013f0983a16473b10ed24efb988e0e"},{"introduced":"0"},{"last_affected":"6246b8e12eb5abee95916b948a7a97e4d736f10b"},{"introduced":"0"},{"last_affected":"183be6b2986755eeac9b86eed9138304a30ff45e"},{"introduced":"0"},{"last_affected":"676a011b4f4d211e167465f3ffb03894c8f60334"},{"introduced":"0"},{"last_affected":"4b5f5619ddeda22f7f358431f604df580f1e61a1"},{"introduced":"0"},{"last_affected":"28297863aee4d747638ce5b6f22262ac6a118ae0"},{"introduced":"0"},{"last_affected":"b2fe62824eebd213625d23378b5307dcb1b82c77"},{"introduced":"0"},{"last_affected":"f15f28a1766fe991de85c8cd089b102f77915319"},{"introduced":"0"},{"last_affected":"9df00b0a864fac2e763b7c26ba99af057202f0f3"},{"introduced":"0"},{"last_affected":"fc3df96990bafdecc6f3a89cf7a4dcf15066c687"},{"introduced":"0"},{"last_affected":"f0c159d871ee741e0cc74fe858cc7be79841078c"},{"introduced":"0"},{"last_affected":"a72c1f4262a57bfe2819c6def81620d02d7867fb"},{"introduced":"0"},{"last_affected":"bc6094eece7dfa65e7439cd018d58e85c5d41e47"},{"introduced":"0"},{"last_affected":"8931ac19ea504a167f4d0c8e57ccc8f7f09f4135"},{"introduced":"0"},{"last_affected":"fd206c1386cc113e3f5b52fbc5b2f15a458b31b4"},{"introduced":"0"},{"last_affected":"3565f4d4f5c4c85a1ffab9e6169c86527aa6f4c7"},{"introduced":"0"},{"last_affected":"402374de33146e1c0401a247e0779e290cb0c078"},{"introduced":"0"},{"last_affected":"6cddee6fc539429544b28a96361a8af7a0691108"},{"introduced":"0"},{"last_affected":"7dd83dff485d324980f3d22c726cfd969ecf41f8"},{"introduced":"0"},{"last_affected":"e03ff728618f5bf551083fc3a52d43c07434bbc9"},{"introduced":"0"},{"last_affected":"0320310406f6b11cfd235d7a9b866cf1de483a1e"},{"introduced":"0"},{"last_affected":"a9974eec5689a7113a6fb1e2096252f0935064dd"},{"introduced":"0"},{"last_affected":"bbbf43ec59e7bef3b07e9065dc9784c18a95d58b"},{"introduced":"0"},{"last_affected":"925741ad1e8e48c7a6d687fe02d3fdb6386eb64c"},{"introduced":"0"},{"last_affected":"7a9863169f7d981be0d2d57437974ae2cc0c8bd3"},{"introduced":"0"},{"last_affected":"36b6fff05cd4a17f75b091c0edd52e0c1e65ec06"},{"introduced":"0"},{"last_affected":"0ac8932aa3a1b28a8f950863c17165cdc63b1474"},{"introduced":"0"},{"last_affected":"2cf0a7efeb12c8f476e31324dc56456b340ddeab"},{"introduced":"0"},{"last_affected":"bb22c585b5b52967fab033dba02cd244cd5b5b7a"},{"introduced":"0"},{"last_affected":"5c61c9a5752109a00ccdadbce3d4adb681f82c9a"},{"introduced":"0"},{"last_affected":"de90290354a1c6c819687305e053232bc8a4a697"},{"introduced":"0"},{"last_affected":"1ed29d508fc0a3762ad7d16336a71adcf69bd88d"}],"database_specific":{"versions":[{"introduced":"0"},{"last_affected":"2.3.1"},{"introduced":"0"},{"last_affected":"2.3.1.1"},{"introduced":"0"},{"last_affected":"2.3.1.2"},{"introduced":"0"},{"last_affected":"2.3.3"},{"introduced":"0"},{"last_affected":"2.3.4"},{"introduced":"0"},{"last_affected":"2.3.4.1"},{"introduced":"0"},{"last_affected":"2.3.7"},{"introduced":"0"},{"last_affected":"2.3.8"},{"introduced":"0"},{"last_affected":"2.3.12"},{"introduced":"0"},{"last_affected":"2.3.14"},{"introduced":"0"},{"last_affected":"2.3.14.1"},{"introduced":"0"},{"last_affected":"2.3.14.2"},{"introduced":"0"},{"last_affected":"2.3.14.3"},{"introduced":"0"},{"last_affected":"2.3.15"},{"introduced":"0"},{"last_affected":"2.3.15.1"},{"introduced":"0"},{"last_affected":"2.3.15.2"},{"introduced":"0"},{"last_affected":"2.3.15.3"},{"introduced":"0"},{"last_affected":"2.3.16"},{"introduced":"0"},{"last_affected":"2.3.16.1"},{"introduced":"0"},{"last_affected":"2.3.16.2"},{"introduced":"0"},{"last_affected":"2.3.16.3"},{"introduced":"0"},{"last_affected":"2.3.20"},{"introduced":"0"},{"last_affected":"2.3.20.1"},{"introduced":"0"},{"last_affected":"2.3.20.3"},{"introduced":"0"},{"last_affected":"2.3.24"},{"introduced":"0"},{"last_affected":"2.3.24.1"},{"introduced":"0"},{"last_affected":"2.3.24.3"},{"introduced":"0"},{"last_affected":"2.3.28"},{"introduced":"0"},{"last_affected":"2.3.28.1"},{"introduced":"0"},{"last_affected":"2.3.29"},{"introduced":"0"},{"last_affected":"2.3.30"},{"introduced":"0"},{"last_affected":"2.3.31"},{"introduced":"0"},{"last_affected":"2.3.32"}]}}],"versions":["STRUTS_2_3_1","STRUTS_2_3_12","STRUTS_2_3_14","STRUTS_2_3_14_1","STRUTS_2_3_14_2","STRUTS_2_3_14_3","STRUTS_2_3_15","STRUTS_2_3_15_1","STRUTS_2_3_15_2","STRUTS_2_3_15_3","STRUTS_2_3_16","STRUTS_2_3_16_1","STRUTS_2_3_16_2","STRUTS_2_3_16_3","STRUTS_2_3_1_1","STRUTS_2_3_1_2","STRUTS_2_3_20","STRUTS_2_3_20_1","STRUTS_2_3_20_2","STRUTS_2_3_20_3","STRUTS_2_3_24","STRUTS_2_3_24_1","STRUTS_2_3_24_2","STRUTS_2_3_24_3","STRUTS_2_3_25","STRUTS_2_3_26","STRUTS_2_3_27","STRUTS_2_3_28","STRUTS_2_3_28_1","STRUTS_2_3_29","STRUTS_2_3_3","STRUTS_2_3_30","STRUTS_2_3_31","STRUTS_2_3_32","STRUTS_2_3_4","STRUTS_2_3_4_1","STRUTS_2_3_7","STRUTS_2_3_8"],"database_specific":{"source":"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2017-9791.json"}}],"schema_version":"1.7.5","severity":[{"type":"CVSS_V3","score":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"}]}