| Rule General Information | |
|---|---|
| Release Date: | 2018-04-10 |
| Rule Name: | Apache Struts Jakarta Multipart Parser Remote Code Execution Vulnerability (CVE-2017-5638) |
| Severity: | |
| CVE ID: | |
| CNNVD ID: | |

| Rule Protection Details | |
|---|---|
| Description: | The Jakarta Multipart parser in Apache Struts 2 2.3.x before 2.3.32 and 2.5.x before 2.5.10.1 has incorrect exception handling and error-message generation during file-upload attempts, which allows remote attackers to execute arbitrary commands via a crafted Content-Type, Content-Disposition, or Content-Length HTTP header. |
| Impact: | An attacker can execute arbitrary code via a successful exploit in the context of the vulnerable software. |
| Affected OS: | Windows, Linux, FreeBSD, Solaris, Other Unix, Network Device, Mac OS, iOS, Android, Others |
| Reference: | SecurityFocus BID: 96729; SecurityTracker ID: 1037973; https://cwiki.apache.org/confluence/display/WW/S2-045; https://cwiki.apache.org/confluence/display/WW/S2-046; https://exploit-db.com/exploits/41570 |

| Solutions |
|---|
| Upgrade to version 2.3.32 or 2.5.10.1 to solve the vulnerability. |