Intrusion Prevention



This indicates an attack attempt against a Denial-Of-Service vulnerability in Apache Struts.
The vulnerability is caused by an error when the vulnerable software handles maliciously crafted packets. A remote attacker may be able to exploit this to cause a denial of service condition on the affected system, via a crafted packet.

Affected Products

Apache Software Foundation Struts 2.5 through 2.5.12
Apache Software Foundation Struts 2.3.7 through 2.3.33
XStream XStream prior to 1.4.10


Denial of Service: Remote attackers can crash vulnerable systems.

Recommended Actions

Apply the most recent upgrade or patch from the vendor.

CVE References

CVE-2017-9793 CVE-2017-7957