Apache released a security bulletin (S2-052) addressing a security vulnerability (CVE-2017-9805) in Struts 2. The bulletin says that a remote code execution (RCE) attack is possible when using the Struts REST plugin with the XStream handler to deserialize XML requests. Attackers can take advantage of this vulnerability to perform operations such as adding or deleting user accounts, viewing, modifying or deleting files, and inserting a backdoor.
Date Published: 2017-09-08
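To find deployments that match the condition in the bulletin (the REST plugin shipped together with XStream), the following added example, which is not code from Apache or from this page, lists the matching jars under `WEB-INF/lib` of a WAR file. The jar name patterns, the function names and the constructed sample archive are assumptions; versions are not checked because the text above lists no affected versions.

```python
import io
import re
import sys
import zipfile

# Assumed jar naming: <artifact>-<version>.jar under WEB-INF/lib/.
# Versions are ignored; the bulletin text here lists no affected versions.
REST_PLUGIN = re.compile(r"/struts2-rest-plugin-[^/]*\.jar$")
XSTREAM = re.compile(r"/xstream-[^/]*\.jar$")


def audit_war(war_bytes):
    """Report the REST plugin and XStream jars bundled in one WAR archive."""
    with zipfile.ZipFile(io.BytesIO(war_bytes)) as war:
        libs = [n for n in war.namelist() if n.startswith("WEB-INF/lib/")]
    rest = sorted(n for n in libs if REST_PLUGIN.search(n))
    xstream = sorted(n for n in libs if XSTREAM.search(n))
    # Both present matches the condition named in S2-052, so the
    # application should be reviewed against the bulletin.
    return {"rest_plugin": rest, "xstream": xstream,
            "review": bool(rest and xstream)}


def build_sample_war(names):
    """Build an in-memory WAR with empty placeholder jars (constructed data)."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as war:
        for name in names:
            war.writestr(name, b"")
    return buf.getvalue()


if __name__ == "__main__":
    if len(sys.argv) > 1:
        # Audit real WAR files given on the command line.
        for path in sys.argv[1:]:
            with open(path, "rb") as fh:
                print(path, audit_war(fh.read()))
    else:
        # Constructed sample; 0.0.0 is a placeholder version.
        sample = build_sample_war([
            "WEB-INF/lib/struts2-rest-plugin-0.0.0.jar",
            "WEB-INF/lib/xstream-0.0.0.jar",
            "WEB-INF/lib/commons-io-0.0.0.jar",
        ])
        print(audit_war(sample))
```

Run it with one or more WAR paths as arguments to audit real archives; with no arguments it audits the constructed sample.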