CVE-2017-9805 · CISA KEV · EPSS p99.9%

CVE-2017-9805: Apache Struts Deserialization of Untrusted Data Vulnerability

Apache / Struts

Description

Apache Struts REST Plugin uses an XStreamHandler with an instance of XStream for deserialization without any type filtering, which can lead to remote code execution when deserializing XML payloads.

Scoring

EPSS: 99.46% probability of exploitation · percentile 99.9% · 2026-06-15T12:03:41Z

CISA KEV entry

Added to KEV: 2021-11-03

(incoming) · 1

Type | Target | Confidence | Tier
KEVEntry | Apache Struts Deserialization of Untrusted Data Vulnerability (kev-cve-2017-9805) | 0% | live

Related by meaning · 6

Nearest entities by semantic similarity across the cs-graph corpus.

CVE: Apache Struts 1 Improper Input Validation Vulnerability
CVE: Apache Struts Remote Code Execution Vulnerability
CVE: Apache Struts 2 Improper Input Validation Vulnerability
CVE: Liferay Portal Deserialization of Untrusted Data Vulnerability
CVE: Apache Struts Improper Input Validation Vulnerability
CVE: Adobe ColdFusion Deserialization Vulnerability

Sourced from NVD + CISA KEV + FIRST.org EPSS. Curated for EU compliance use cases by Adam Lundqvist, Founder at SQUR.