|
|
|||
| Rule General Information |
|---|
| Release Date: | 2018-04-10 | |
| Rule Name: | Apache Struts Jakarta Multipart Parser Remote Code Execution Vulnerability (CVE-2017-5638) | |
| Severity: | ||
| CVE ID: | ||
| CNNVD ID: | ||
| Rule Protection Details |
|---|
| Description: | The Jakarta Multipart parser in Apache Struts 2 2.3.x before 2.3.32 and 2.5.x before 2.5.10.1 has incorrect exception handling and error-message generation during file-upload attempts, which allows remote attackers to execute arbitrary commands via a crafted Content-Type, Content-Disposition, or Content-Length HTTP header. | |
| Impact: | An attacker can execute arbitrary code via a successful exploit in the context of the vulnerable software. | |
| Affected OS: | Windows, Linux, FreeBSD, Solaris, Other Unix, Network Device, Mac OS, iOS, Android, Others | |
| Reference: | SecurityFocusBID:96729 SecurityTrackerID:1037973 https://cwiki.apache.org/confluence/display/WW/S2-045 https://cwiki.apache.org/confluence/display/WW/S2-046 https://exploit-db.com/exploits/41570 |
|
| Solutions |
|---|
| Upgrade to version 2.3.32 or 2.5.10.1 to solve the vulnerability. |