Red Hat Bugzilla – Bug 1469265
CVE-2017-9791 struts2: Possible RCE via a malicious field value passed in a raw message to the ActionMessage
Last modified: 2017-10-10 11:52:11 EDT
The Struts 1 plugin in Apache Struts 2.3.x might allow remote code execution via a malicious field value passed in a raw message to the ActionMessage.
References: https://github.com/dragoneeg/Struts2-048
External References: http://struts.apache.org/docs/s2-048.html
Statement: This issue is present in a Struts 1 plugin for Apache Struts 2.3.x. It is not present in Apache Struts 1. This issue did not affect any of the Red Hat products as they did not include the Apache Struts 2 package.
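The pattern named in the description, shown next to the resource-key form that the S2-048 advisory recommends. This is an added example, not code from this bug report or from the Struts project; `SaveItemAction`, `ItemForm`, the `item.added` key and the `success` forward are hypothetical names, and it assumes the Struts 1 and Servlet API jars are on the classpath.

```java
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import org.apache.struts.action.Action;
import org.apache.struts.action.ActionForm;
import org.apache.struts.action.ActionForward;
import org.apache.struts.action.ActionMapping;
import org.apache.struts.action.ActionMessage;
import org.apache.struts.action.ActionMessages;

// Hypothetical form bean holding one user-supplied field.
class ItemForm extends ActionForm {
    private String name;
    public String getName() { return name; }
    public void setName(String name) { this.name = name; }
}

// Hypothetical Struts 1 action run through the Struts 1 plugin of Struts 2.3.x.
public class SaveItemAction extends Action {

    // Pattern to look for in code review: the request-controlled field is
    // concatenated into the raw message handed to ActionMessage.
    static ActionMessage rawMessage(String name) {
        return new ActionMessage("Item " + name + " was added");
    }

    // Hardened form: the first argument is a fixed resource key and the field
    // value travels only as a replacement argument. The bundle would contain
    // the constructed entry:  item.added=Item {0} was added
    static ActionMessage keyedMessage(String name) {
        return new ActionMessage("item.added", name);
    }

    @Override
    public ActionForward execute(ActionMapping mapping, ActionForm form,
            HttpServletRequest request, HttpServletResponse response) {
        ItemForm itemForm = (ItemForm) form;
        ActionMessages messages = new ActionMessages();
        // Only the keyed form is used; rawMessage() is kept for comparison.
        messages.add("msg", keyedMessage(itemForm.getName()));
        addMessages(request, messages);
        return mapping.findForward("success");
    }
}
```

When auditing an application that ships the Struts 1 plugin, every `new ActionMessage(...)` call whose first argument is built from form or request data matches the `rawMessage` pattern and is a candidate for conversion to a resource key.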