Intrusion Prevention

Apache.Struts.2.REST.Plugin.XStream.Handler.DoS

Description

This indicates an attack attempt against a Denial-Of-Service vulnerability in Apache Struts.
The vulnerability is caused by an error when the vulnerable software handles maliciously crafted packets. A remote attacker may be able to exploit this to cause a denial of service condition on the affected system, via a crafted packet.

Affected Products

Apache Software Foundation Struts 2.5 through 2.5.12
Apache Software Foundation Struts 2.3.7 through 2.3.33
XStream XStream prior to 1.4.10

Impact

Denial of Service: Remote attackers can crash vulnerable systems.

Recommended Actions

Apply the most recent upgrade or patch from the vendor.
http://struts.apache.org/docs/s2-051.html
http://x-stream.github.io/CVE-2017-7957.html

CVE References

CVE-2017-9793 CVE-2017-7957