| Rule General Information | |
|---|---|
| Release Date: | 2017-03-30 |
| Rule Name: | WEB-SERVER Apache Struts Jakarta Multipart Parser Remote Code Execution Vulnerability -5 (CVE-2017-5638) |
| Severity: | |
| CVE ID: | |

| Rule Protection Details | |
|---|---|
| Description: | The Jakarta Multipart parser in Apache Struts 2 2.3.x before 2.3.32 and 2.5.x before 2.5.10.1 mishandles file upload, which allows remote attackers to execute arbitrary commands via a #cmd= string in a crafted Content-Type HTTP header. |
| Impact: | An attacker can execute arbitrary code via a successful exploit in the context of the vulnerable software. |
| Affected OS: | Windows, Solaris, Other Unix, FreeBSD, Linux |
| Reference: | SecurityFocus BID: 96729; SecurityTracker ID: 1037973 |

| Solutions |
|---|
| More advisories have been published on the website; please visit it for more suggestions: https://cwiki.apache.org/confluence/display/WW/S2-045 |