CVE-2017-9791

Apache Struts 1 Improper Input Validation Vulnerability

The Struts 1 plugin in Apache Struts might allow remote code execution via a malicious field value passed in a raw message to the ActionMessage. Vendor/Product: Apache Struts 1. Added to CISA KEV 2022-02-10; required action: Apply updates per vendor instructions.

Category: Vulnerability, Known Exploited

Reference: NVD CVE-2017-9791