{"id":78906,"date":"2017-09-22T10:00:52","date_gmt":"2017-09-22T17:00:52","guid":{"rendered":"https:\/\/securingtomorrow.mcafee.com\/?p=78906"},"modified":"2025-05-27T22:21:43","modified_gmt":"2025-05-28T05:21:43","slug":"apache-struts-at-rest-analyzing-remote-code-execution-vulnerability-cve-2017-9805","status":"publish","type":"post","link":"https:\/\/www.mcafee.com\/blogs\/other-blogs\/mcafee-labs\/apache-struts-at-rest-analyzing-remote-code-execution-vulnerability-cve-2017-9805\/","title":{"rendered":"Apache Struts at REST: Analyzing Remote Code Execution Vulnerability CVE-2017-9805"},"content":{"rendered":"<p>Apache Struts, an open-source web development framework, is prone to vulnerabilities. <a href=\"https:\/\/securingtomorrow.mcafee.com\/mcafee-labs\/analyzing-cve-2017-9791-apache-struts-vulnerability-can-lead-remote-code-execution\/\" target=\"_blank\" rel=\"noopener\">We wrote about CVE-2017-9791<\/a> in July. The latest is CVE-2017-9805, another remote code execution flaw actively being exploited,<a href=\"http:\/\/securityaffairs.co\/wordpress\/62865\/hacking\/cve-2017-9805-struts-flaw.html\" target=\"_blank\" rel=\"noopener\">\u00a0according to reports.<\/a> This vulnerability affects the Struts plug-in Representational State Transfer (REST). Apache has updated Struts with Version 2.5.13 to fix this issue. In this post we offer our analysis of this vulnerability and how the exploitation works.<\/p>\n<h2><strong>Analyzing the Fix<\/strong><\/h2>\n<p>The following screenshots show the before (Version 2.5.12, at left) and after (Version 2.5.13) of changes made to REST to fix the vulnerability.<\/p>\n<p><em>Source: &#8220;Fossies,&#8221; the Fresh Open Source Software Archive.<\/em><\/p>\n<p>As we can see, several changes have been made to fix this issue:<\/p>\n<ul>\n<li>In the fixed version \u201cClass XStreamHandler\u201d extends the class \u201cAbstractContentTypeHandler.\u201d<\/li>\n<li>The \u201ctoObject\u201d and \u201cfromObject\u201d methods expect another argument of the type \u201cActionInvocation.\u201d (If we check AbstractContentTypeHandler.java, \u201cAbstractContentTypeHandler\u201d implements the \u201cContentTypeHandler\u201d class and deprecated \u201ctoObject\u201d and \u201cfromObject\u201d methods.)<\/li>\n<li>The \u201ccreateXstream\u201d method has been deprecated and a new method with the same name has been defined that expects a parameter of the type \u201cActionInvocation,\u201d as shown below:<\/li>\n<\/ul>\n<p>This change clears the existing permission and adds as the default a per-action permission, thus preventing the issue.<\/p>\n<h2><strong>Debugging the Code<\/strong><\/h2>\n<p>Exploiting this issue requires sending a post request with specially crafted XML data to a host running Apache Struts with the vulnerable version of the REST plug-in:<\/p>\n<p>Tracing the code, we can see that the request goes to ContentTypeInterceptor.java.<\/p>\n<p>This function identifies the handler for the HTTP request. In this case it is \u201cXStreamHandler,\u201d which later calls \u201chandler.toObject(reader, target);\u201d. Thus control reaches to the method \u201ctoObject\u201d in\u00a0 XStreamHandler.java.<\/p>\n<p>This function calls the method \u201cfromXML,\u201d which deserializes the XML into an object:<\/p>\n<p>The control next calls the method \u201cunmarshal\u201d in \u201cMapConverter.java,\u201d which creates a HashMap and populates it:<\/p>\n<p>\u201cPopulateMap\u201d calls the method \u201cPutCurrentEntryIntoMap,\u201d which in turn calls the method \u201creadItem.\u201d The map elements here are the elements from the specially crafted XML:<\/p>\n<p>The code next calls the method \u201cdoUnmarshal\u201d in \u201cAbstractReflectionConverter.java.\u201d We can see that it takes the node names from the reader object and then searches for the class name, in which it was defined or declared. The code also checks whether the field exists in the class:<\/p>\n<p>If the field exists in the class, then the code updates the field in the object. In the following image, the result shows the object \u201cImageIO$ContainsFilter\u201d and value of its method being modified by the method \u201creflectionProvider.writeField\u201d:<\/p>\n<p>This process is repeated and finally the value of object becomes something like the following (truncated and reorganized for clarity). All of this came from the specially crafted XML:<\/p>\n<p>The preceding object is returned by the call \u201creadItem\u201d in \u201cPutCurrentEntryIntoMap\u201d and is stored in \u201cObject Key\u201d:<\/p>\n<p>As we see in preceding image, the code calls the method \u201ctarget.put.\u201d When the method is called, it accesses the key and value. Because they contain the crafted object, the code first calls \u201cNativestring.hashCode(),\u201d which calls \u201cBase64Data.get(),\u201d as we see in the following call stack:<\/p>\n<p>The code next calls \u201cchooseFirstProvider()\u201d in \u201cCipher.Java\u201d:<\/p>\n<p>The method serviceIterator.next() returns the object ProcessBuilder, which contains the command we provided. Because all of these objects are chained together, as we have seen, ImageIO$ContainsFilter\u2019s method is set to java.lang.ProcessBuilder.Start(), thus executing the code.<\/p>\n<p>&nbsp;<\/p>\n<p>Apache Struts is a popular web development framework and its vulnerabilities affect many deployments. We recommend users keep their Struts installations up to date with latest version.<\/p>\n<p><a href=\"https:\/\/www.mcafee.com\/enterprise\/en-us\/products\/network-security-platform.html\">McAfee Network Security Platform<\/a> customers are protected against this vulnerability through Signature 0x45215200.<\/p>\n","protected":false},"excerpt":{"rendered":"<p>Apache Struts, an open-source web development framework, is prone to vulnerabilities. We wrote about CVE-2017-9791 in July. The latest is&#8230;<\/p>\n","protected":false},"author":612,"featured_media":0,"comment_status":"closed","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"_acf_changed":false,"footnotes":""},"categories":[442],"tags":[4452,18,4827],"coauthors":[2095],"class_list":["post-78906","post","type-post","status-publish","format-standard","hentry","category-mcafee-labs","tag-cybersecurity","tag-network-security","tag-vulnerability"],"acf":[],"yoast_head":"<!-- This site is optimized with the Yoast SEO plugin v25.4 - https:\/\/yoast.com\/wordpress\/plugins\/seo\/ -->\n<title>Apache Struts at REST: Analyzing Remote Code Execution Vulnerability CVE-2017-9805<\/title>\n<meta name=\"description\" content=\"Apache Struts, an open-source web development framework, is prone to vulnerabilities. The latest is CVE-2017-9805.\" \/>\n<meta name=\"robots\" content=\"index, follow, max-snippet:-1, max-image-preview:large, max-video-preview:-1\" \/>\n<meta property=\"og:locale\" content=\"en_US\" \/>\n<meta property=\"og:type\" content=\"article\" \/>\n<meta property=\"og:title\" content=\"Apache Struts at REST: Analyzing Remote Code Execution Vulnerability CVE-2017-9805\" \/>\n<meta property=\"og:description\" content=\"Apache Struts, an open-source web development framework, is prone to vulnerabilities. The latest is CVE-2017-9805.\" \/>\n<meta property=\"og:url\" content=\"https:\/\/www.mcafee.com\/blogs\/other-blogs\/mcafee-labs\/apache-struts-at-rest-analyzing-remote-code-execution-vulnerability-cve-2017-9805\/\" \/>\n<meta property=\"og:site_name\" content=\"McAfee Blog\" \/>\n<meta property=\"article:publisher\" content=\"https:\/\/www.facebook.com\/McAfee\/\" \/>\n<meta property=\"article:published_time\" content=\"2017-09-22T17:00:52+00:00\" \/>\n<meta property=\"article:modified_time\" content=\"2025-05-28T05:21:43+00:00\" \/>\n<meta property=\"og:image\" content=\"https:\/\/securingtomorrow.mcafee.com\/wp-content\/uploads\/2017\/09\/20170921-Struts-1.png\" \/>\n<meta name=\"author\" content=\"Hardik Shah\" \/>\n<meta name=\"twitter:card\" content=\"summary_large_image\" \/>\n<meta name=\"twitter:creator\" content=\"@hardik05\" \/>\n<meta name=\"twitter:site\" content=\"@McAfee\" \/>\n<meta name=\"twitter:label1\" content=\"Written by\" \/>\n\t<meta name=\"twitter:data1\" content=\"Hardik Shah\" \/>\n\t<meta name=\"twitter:label2\" content=\"Est. reading time\" \/>\n\t<meta name=\"twitter:data2\" content=\"3 minutes\" \/>\n<script type=\"application\/ld+json\" class=\"yoast-schema-graph\">{\"@context\":\"https:\/\/schema.org\",\"@graph\":[{\"@type\":\"Article\",\"@id\":\"https:\/\/www.mcafee.com\/blogs\/other-blogs\/mcafee-labs\/apache-struts-at-rest-analyzing-remote-code-execution-vulnerability-cve-2017-9805\/#article\",\"isPartOf\":{\"@id\":\"https:\/\/www.mcafee.com\/blogs\/other-blogs\/mcafee-labs\/apache-struts-at-rest-analyzing-remote-code-execution-vulnerability-cve-2017-9805\/\"},\"author\":{\"name\":\"Hardik Shah\",\"@id\":\"https:\/\/www.mcafee.com\/blogs\/#\/schema\/person\/99cb905e9b4051dfea96a7752dea4342\"},\"headline\":\"Apache Struts at REST: Analyzing Remote Code Execution Vulnerability CVE-2017-9805\",\"datePublished\":\"2017-09-22T17:00:52+00:00\",\"dateModified\":\"2025-05-28T05:21:43+00:00\",\"mainEntityOfPage\":{\"@id\":\"https:\/\/www.mcafee.com\/blogs\/other-blogs\/mcafee-labs\/apache-struts-at-rest-analyzing-remote-code-execution-vulnerability-cve-2017-9805\/\"},\"wordCount\":610,\"publisher\":{\"@id\":\"https:\/\/www.mcafee.com\/blogs\/#organization\"},\"keywords\":[\"cybersecurity\",\"network security\",\"vulnerability\"],\"articleSection\":[\"McAfee Labs\"],\"inLanguage\":\"en-US\"},{\"@type\":\"WebPage\",\"@id\":\"https:\/\/www.mcafee.com\/blogs\/other-blogs\/mcafee-labs\/apache-struts-at-rest-analyzing-remote-code-execution-vulnerability-cve-2017-9805\/\",\"url\":\"https:\/\/www.mcafee.com\/blogs\/other-blogs\/mcafee-labs\/apache-struts-at-rest-analyzing-remote-code-execution-vulnerability-cve-2017-9805\/\",\"name\":\"Apache Struts at REST: Analyzing Remote Code Execution Vulnerability CVE-2017-9805\",\"isPartOf\":{\"@id\":\"https:\/\/www.mcafee.com\/blogs\/#website\"},\"datePublished\":\"2017-09-22T17:00:52+00:00\",\"dateModified\":\"2025-05-28T05:21:43+00:00\",\"description\":\"Apache Struts, an open-source web development framework, is prone to vulnerabilities. The latest is CVE-2017-9805.\",\"breadcrumb\":{\"@id\":\"https:\/\/www.mcafee.com\/blogs\/other-blogs\/mcafee-labs\/apache-struts-at-rest-analyzing-remote-code-execution-vulnerability-cve-2017-9805\/#breadcrumb\"},\"inLanguage\":\"en-US\",\"potentialAction\":[{\"@type\":\"ReadAction\",\"target\":[\"https:\/\/www.mcafee.com\/blogs\/other-blogs\/mcafee-labs\/apache-struts-at-rest-analyzing-remote-code-execution-vulnerability-cve-2017-9805\/\"]}]},{\"@type\":\"BreadcrumbList\",\"@id\":\"https:\/\/www.mcafee.com\/blogs\/other-blogs\/mcafee-labs\/apache-struts-at-rest-analyzing-remote-code-execution-vulnerability-cve-2017-9805\/#breadcrumb\",\"itemListElement\":[{\"@type\":\"ListItem\",\"position\":1,\"name\":\"Blog\",\"item\":\"https:\/\/www.mcafee.com\/blogs\/\"},{\"@type\":\"ListItem\",\"position\":2,\"name\":\"Other Blogs\",\"item\":\"https:\/\/www.mcafee.com\/blogs\/other-blogs\/\"},{\"@type\":\"ListItem\",\"position\":3,\"name\":\"McAfee Labs\",\"item\":\"https:\/\/www.mcafee.com\/blogs\/other-blogs\/mcafee-labs\/\"},{\"@type\":\"ListItem\",\"position\":4,\"name\":\"Apache Struts at REST: Analyzing Remote Code Execution Vulnerability CVE-2017-9805\"}]},{\"@type\":\"WebSite\",\"@id\":\"https:\/\/www.mcafee.com\/blogs\/#website\",\"url\":\"https:\/\/www.mcafee.com\/blogs\/\",\"name\":\"McAfee Blog\",\"description\":\"Internet Security News\",\"publisher\":{\"@id\":\"https:\/\/www.mcafee.com\/blogs\/#organization\"},\"potentialAction\":[{\"@type\":\"SearchAction\",\"target\":{\"@type\":\"EntryPoint\",\"urlTemplate\":\"https:\/\/www.mcafee.com\/blogs\/?s={search_term_string}\"},\"query-input\":{\"@type\":\"PropertyValueSpecification\",\"valueRequired\":true,\"valueName\":\"search_term_string\"}}],\"inLanguage\":\"en-US\"},{\"@type\":\"Organization\",\"@id\":\"https:\/\/www.mcafee.com\/blogs\/#organization\",\"name\":\"McAfee\",\"url\":\"https:\/\/www.mcafee.com\/blogs\/\",\"logo\":{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\/\/www.mcafee.com\/blogs\/#\/schema\/logo\/image\/\",\"url\":\"https:\/\/www.mcafee.com\/blogs\/wp-content\/uploads\/2023\/02\/mcafee-logo.png\",\"contentUrl\":\"https:\/\/www.mcafee.com\/blogs\/wp-content\/uploads\/2023\/02\/mcafee-logo.png\",\"width\":1286,\"height\":336,\"caption\":\"McAfee\"},\"image\":{\"@id\":\"https:\/\/www.mcafee.com\/blogs\/#\/schema\/logo\/image\/\"},\"sameAs\":[\"https:\/\/www.facebook.com\/McAfee\/\",\"https:\/\/x.com\/McAfee\",\"https:\/\/www.linkedin.com\/company\/mcafee\/\",\"https:\/\/www.youtube.com\/McAfee\"]},{\"@type\":\"Person\",\"@id\":\"https:\/\/www.mcafee.com\/blogs\/#\/schema\/person\/99cb905e9b4051dfea96a7752dea4342\",\"name\":\"Hardik Shah\",\"image\":{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\/\/www.mcafee.com\/blogs\/#\/schema\/person\/image\/b151596c8b1a8dc9b25ec3b19ccfd8c0\",\"url\":\"https:\/\/secure.gravatar.com\/avatar\/2b87a13b8b83a589e5494d7db597ad6a?s=96&d=mm&r=g\",\"contentUrl\":\"https:\/\/secure.gravatar.com\/avatar\/2b87a13b8b83a589e5494d7db597ad6a?s=96&d=mm&r=g\",\"caption\":\"Hardik Shah\"},\"description\":\"Hardik Shah, a Senior Research Engineer in McAfee Labs, is an experienced security researcher and technology evangelist. He has extensive experience with exploits, malware analysis, and various IPS engines. Shah enjoys figuring out ways to protect customers from the latest threats. Prior to McAfee, he worked with the IPS research team at Symantec. You can follow him on twitter at @hardik05\",\"sameAs\":[\"https:\/\/www.linkedin.com\/in\/hardik05\/\",\"https:\/\/x.com\/hardik05\"],\"url\":\"https:\/\/www.mcafee.com\/blogs\/author\/hardik-shah\/\"}]}<\/script>\n<!-- \/ Yoast SEO plugin. -->","yoast_head_json":{"title":"Apache Struts at REST: Analyzing Remote Code Execution Vulnerability CVE-2017-9805","description":"Apache Struts, an open-source web development framework, is prone to vulnerabilities. The latest is CVE-2017-9805.","robots":{"index":"index","follow":"follow","max-snippet":"max-snippet:-1","max-image-preview":"max-image-preview:large","max-video-preview":"max-video-preview:-1"},"og_locale":"en_US","og_type":"article","og_title":"Apache Struts at REST: Analyzing Remote Code Execution Vulnerability CVE-2017-9805","og_description":"Apache Struts, an open-source web development framework, is prone to vulnerabilities. The latest is CVE-2017-9805.","og_url":"https:\/\/www.mcafee.com\/blogs\/other-blogs\/mcafee-labs\/apache-struts-at-rest-analyzing-remote-code-execution-vulnerability-cve-2017-9805\/","og_site_name":"McAfee Blog","article_publisher":"https:\/\/www.facebook.com\/McAfee\/","article_published_time":"2017-09-22T17:00:52+00:00","article_modified_time":"2025-05-28T05:21:43+00:00","og_image":[{"url":"https:\/\/securingtomorrow.mcafee.com\/wp-content\/uploads\/2017\/09\/20170921-Struts-1.png","type":"","width":"","height":""}],"author":"Hardik Shah","twitter_card":"summary_large_image","twitter_creator":"@hardik05","twitter_site":"@McAfee","twitter_misc":{"Written by":"Hardik Shah","Est. reading time":"3 minutes"},"schema":{"@context":"https:\/\/schema.org","@graph":[{"@type":"Article","@id":"https:\/\/www.mcafee.com\/blogs\/other-blogs\/mcafee-labs\/apache-struts-at-rest-analyzing-remote-code-execution-vulnerability-cve-2017-9805\/#article","isPartOf":{"@id":"https:\/\/www.mcafee.com\/blogs\/other-blogs\/mcafee-labs\/apache-struts-at-rest-analyzing-remote-code-execution-vulnerability-cve-2017-9805\/"},"author":{"name":"Hardik Shah","@id":"https:\/\/www.mcafee.com\/blogs\/#\/schema\/person\/99cb905e9b4051dfea96a7752dea4342"},"headline":"Apache Struts at REST: Analyzing Remote Code Execution Vulnerability CVE-2017-9805","datePublished":"2017-09-22T17:00:52+00:00","dateModified":"2025-05-28T05:21:43+00:00","mainEntityOfPage":{"@id":"https:\/\/www.mcafee.com\/blogs\/other-blogs\/mcafee-labs\/apache-struts-at-rest-analyzing-remote-code-execution-vulnerability-cve-2017-9805\/"},"wordCount":610,"publisher":{"@id":"https:\/\/www.mcafee.com\/blogs\/#organization"},"keywords":["cybersecurity","network security","vulnerability"],"articleSection":["McAfee Labs"],"inLanguage":"en-US"},{"@type":"WebPage","@id":"https:\/\/www.mcafee.com\/blogs\/other-blogs\/mcafee-labs\/apache-struts-at-rest-analyzing-remote-code-execution-vulnerability-cve-2017-9805\/","url":"https:\/\/www.mcafee.com\/blogs\/other-blogs\/mcafee-labs\/apache-struts-at-rest-analyzing-remote-code-execution-vulnerability-cve-2017-9805\/","name":"Apache Struts at REST: Analyzing Remote Code Execution Vulnerability CVE-2017-9805","isPartOf":{"@id":"https:\/\/www.mcafee.com\/blogs\/#website"},"datePublished":"2017-09-22T17:00:52+00:00","dateModified":"2025-05-28T05:21:43+00:00","description":"Apache Struts, an open-source web development framework, is prone to vulnerabilities. The latest is CVE-2017-9805.","breadcrumb":{"@id":"https:\/\/www.mcafee.com\/blogs\/other-blogs\/mcafee-labs\/apache-struts-at-rest-analyzing-remote-code-execution-vulnerability-cve-2017-9805\/#breadcrumb"},"inLanguage":"en-US","potentialAction":[{"@type":"ReadAction","target":["https:\/\/www.mcafee.com\/blogs\/other-blogs\/mcafee-labs\/apache-struts-at-rest-analyzing-remote-code-execution-vulnerability-cve-2017-9805\/"]}]},{"@type":"BreadcrumbList","@id":"https:\/\/www.mcafee.com\/blogs\/other-blogs\/mcafee-labs\/apache-struts-at-rest-analyzing-remote-code-execution-vulnerability-cve-2017-9805\/#breadcrumb","itemListElement":[{"@type":"ListItem","position":1,"name":"Blog","item":"https:\/\/www.mcafee.com\/blogs\/"},{"@type":"ListItem","position":2,"name":"Other Blogs","item":"https:\/\/www.mcafee.com\/blogs\/other-blogs\/"},{"@type":"ListItem","position":3,"name":"McAfee Labs","item":"https:\/\/www.mcafee.com\/blogs\/other-blogs\/mcafee-labs\/"},{"@type":"ListItem","position":4,"name":"Apache Struts at REST: Analyzing Remote Code Execution Vulnerability CVE-2017-9805"}]},{"@type":"WebSite","@id":"https:\/\/www.mcafee.com\/blogs\/#website","url":"https:\/\/www.mcafee.com\/blogs\/","name":"McAfee Blog","description":"Internet Security News","publisher":{"@id":"https:\/\/www.mcafee.com\/blogs\/#organization"},"potentialAction":[{"@type":"SearchAction","target":{"@type":"EntryPoint","urlTemplate":"https:\/\/www.mcafee.com\/blogs\/?s={search_term_string}"},"query-input":{"@type":"PropertyValueSpecification","valueRequired":true,"valueName":"search_term_string"}}],"inLanguage":"en-US"},{"@type":"Organization","@id":"https:\/\/www.mcafee.com\/blogs\/#organization","name":"McAfee","url":"https:\/\/www.mcafee.com\/blogs\/","logo":{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/www.mcafee.com\/blogs\/#\/schema\/logo\/image\/","url":"https:\/\/www.mcafee.com\/blogs\/wp-content\/uploads\/2023\/02\/mcafee-logo.png","contentUrl":"https:\/\/www.mcafee.com\/blogs\/wp-content\/uploads\/2023\/02\/mcafee-logo.png","width":1286,"height":336,"caption":"McAfee"},"image":{"@id":"https:\/\/www.mcafee.com\/blogs\/#\/schema\/logo\/image\/"},"sameAs":["https:\/\/www.facebook.com\/McAfee\/","https:\/\/x.com\/McAfee","https:\/\/www.linkedin.com\/company\/mcafee\/","https:\/\/www.youtube.com\/McAfee"]},{"@type":"Person","@id":"https:\/\/www.mcafee.com\/blogs\/#\/schema\/person\/99cb905e9b4051dfea96a7752dea4342","name":"Hardik Shah","image":{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/www.mcafee.com\/blogs\/#\/schema\/person\/image\/b151596c8b1a8dc9b25ec3b19ccfd8c0","url":"https:\/\/secure.gravatar.com\/avatar\/2b87a13b8b83a589e5494d7db597ad6a?s=96&d=mm&r=g","contentUrl":"https:\/\/secure.gravatar.com\/avatar\/2b87a13b8b83a589e5494d7db597ad6a?s=96&d=mm&r=g","caption":"Hardik Shah"},"description":"Hardik Shah, a Senior Research Engineer in McAfee Labs, is an experienced security researcher and technology evangelist. He has extensive experience with exploits, malware analysis, and various IPS engines. Shah enjoys figuring out ways to protect customers from the latest threats. Prior to McAfee, he worked with the IPS research team at Symantec. You can follow him on twitter at @hardik05","sameAs":["https:\/\/www.linkedin.com\/in\/hardik05\/","https:\/\/x.com\/hardik05"],"url":"https:\/\/www.mcafee.com\/blogs\/author\/hardik-shah\/"}]}},"_links":{"self":[{"href":"https:\/\/www.mcafee.com\/blogs\/wp-json\/wp\/v2\/posts\/78906","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/www.mcafee.com\/blogs\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/www.mcafee.com\/blogs\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/www.mcafee.com\/blogs\/wp-json\/wp\/v2\/users\/612"}],"replies":[{"embeddable":true,"href":"https:\/\/www.mcafee.com\/blogs\/wp-json\/wp\/v2\/comments?post=78906"}],"version-history":[{"count":5,"href":"https:\/\/www.mcafee.com\/blogs\/wp-json\/wp\/v2\/posts\/78906\/revisions"}],"predecessor-version":[{"id":214551,"href":"https:\/\/www.mcafee.com\/blogs\/wp-json\/wp\/v2\/posts\/78906\/revisions\/214551"}],"wp:attachment":[{"href":"https:\/\/www.mcafee.com\/blogs\/wp-json\/wp\/v2\/media?parent=78906"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/www.mcafee.com\/blogs\/wp-json\/wp\/v2\/categories?post=78906"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/www.mcafee.com\/blogs\/wp-json\/wp\/v2\/tags?post=78906"},{"taxonomy":"author","embeddable":true,"href":"https:\/\/www.mcafee.com\/blogs\/wp-json\/wp\/v2\/coauthors?post=78906"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}