CVE

Id
102458  
CVE No.
CVE-2017-5638  
Status
Candidate  
Description
The Jakarta Multipart parser in Apache Struts 2 2.3.x before 2.3.32 and 2.5.x before 2.5.10.1 mishandles file upload, which allows remote attackers to execute arbitrary commands via a #cmd= string in a crafted Content-Type HTTP header, as exploited in the wild in March 2017.  
Phase
Assigned (20170129)  
Votes
None (candidate not yet proposed)  
Comments
 

Actions

Related CVE References

Id CVE Id CVE No. Reference Actions
805351 102458 CVE-2017-5638 EXPLOIT-DB:41570  View
805352 102458 CVE-2017-5638 URL:https://exploit-db.com/exploits/41570  View
805353 102458 CVE-2017-5638 MISC:http://blog.talosintelligence.com/2017/03/apache-0-day-exploited.html  View
805354 102458 CVE-2017-5638 MISC:http://blog.trendmicro.com/trendlabs-security-intelligence/cve-2017-5638-apache-struts-vulnerability-remote-code-execution/  View
805355 102458 CVE-2017-5638 MISC:https://github.com/rapid7/metasploit-framework/issues/8064  View
805356 102458 CVE-2017-5638 MISC:https://isc.sans.edu/diary/22169  View
805357 102458 CVE-2017-5638 MISC:https://github.com/mazen160/struts-pwn  View
805358 102458 CVE-2017-5638 MISC:https://nmap.org/nsedoc/scripts/http-vuln-cve2017-5638.html  View
805359 102458 CVE-2017-5638 MISC:https://packetstormsecurity.com/files/141494/S2-45-poc.py.txt  View
805360 102458 CVE-2017-5638 MISC:http://www.eweek.com/security/apache-struts-vulnerability-under-attack.html  View
805361 102458 CVE-2017-5638 MISC:https://arstechnica.com/security/2017/03/critical-vulnerability-under-massive-attack-imperils-high-impact-sites/  View
805362 102458 CVE-2017-5638 MISC:https://twitter.com/theog150/status/841146956135124993  View
805363 102458 CVE-2017-5638 MISC:https://www.imperva.com/blog/2017/03/cve-2017-5638-new-remote-code-execution-rce-vulnerability-in-apache-struts-2/  View
805364 102458 CVE-2017-5638 CONFIRM:https://cwiki.apache.org/confluence/display/WW/S2-045  View
805365 102458 CVE-2017-5638 CONFIRM:https://git1-us-west.apache.org/repos/asf?p=struts.git;a=commit;h=352306493971e7d5a756d61780d57a76eb1f519a  View
805366 102458 CVE-2017-5638 CONFIRM:https://git1-us-west.apache.org/repos/asf?p=struts.git;a=commit;h=6b8272ce47160036ed120a48345d9aa884477228  View
805367 102458 CVE-2017-5638 CONFIRM:https://support.lenovo.com/us/en/product_security/len-14200  View
805368 102458 CVE-2017-5638 BID:96729  View

Related JVN