CVE-2017-9805.md

CVE-2017-9805, which is also known as S2-052

• Report: July 2017
• Credit: Man Yue Mo <mmo at semmle dot com> from lgtm.com / Semmle

PoC

• https://hastebin.com/juvanuziji.http - Originated from http://blog.csdn.net/caiqiiqi/article/details/77861477
• jas502n/St2-052
• rapid7/metasploit-framework
• Medicean/VulApps

Reference

• S2-052
• Using QL to find a remote code execution vulnerability in Apache Struts (CVE-2017-9805)
• st052复线漏洞复现过程
• CVE-2017-9805