The Jakarta Multipart parser in Apache Struts 2 2.3.x before 2.3.32 and 2.5.x before 2.5.10.1 has incorrect exception handling and error-message generation during file-upload attempts, which allows remote attackers to execute arbitrary commands via a crafted Content-Type, Content-Disposition, or Content-Length HTTP header, as exploited in the wild in March 2017 with a Content-Type header containing a #cmd= string.
Published: 2017-03-14
A remote code execution vulnerability (CVE-2017-5638) in the Jakarta Multipart Parser in certain versions of the Apache Struts framework can enable a remote attacker to run arbitrary commands on the web server. Since its initial disclosure, this vulnerability has received significant attention, and is reportedly exploited in the wild. Public exploits are also available for this vulnerability.
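The following Python is an added example, not code from the advisory or from Apache Struts: it checks a Struts 2 version against the affected ranges stated above and flags the three headers the description names when they carry the `#cmd=` marker or an OGNL expression opener. The function names, the `%{` / `${` heuristic and the sample requests are assumptions constructed for illustration.

```python
import re

# Affected ranges exactly as stated in the description: (branch, first fixed version).
AFFECTED = [((2, 3), (2, 3, 32)), ((2, 5), (2, 5, 10, 1))]
WATCHED = ("content-type", "content-disposition", "content-length")
# "#cmd=" is the marker named in the description; "%{" and "${" open an OGNL
# expression (assumption: legitimate values of these headers do not contain them).
MARKERS = re.compile(r"#cmd\s*=|[%$]\{", re.IGNORECASE)


def parse_version(text):
    """'2.5.10.1' -> (2, 5, 10, 1); a suffix such as '-SNAPSHOT' is ignored."""
    m = re.match(r"\d+(?:\.\d+)*", text.strip())
    if not m:
        raise ValueError(f"not a version: {text!r}")
    return tuple(int(p) for p in m.group().split("."))


def is_affected(version):
    """True when a Struts 2 version falls inside a range listed in the description."""
    v = parse_version(version)
    return any(v[:2] == branch and v < fixed for branch, fixed in AFFECTED)


def suspicious_headers(headers):
    """Return the sorted, lower-cased names of watched headers that look crafted."""
    hits = set()
    for name, value in headers.items():
        key = name.lower()
        if key not in WATCHED:
            continue
        if MARKERS.search(value):
            hits.add(key)
        elif key == "content-length" and not value.strip().isdigit():
            hits.add(key)  # Content-Length must be a plain decimal number
    return sorted(hits)


# Constructed sample requests (header dicts), not captured traffic.
SAMPLES = [
    {"Content-Type": "multipart/form-data; boundary=----x", "Content-Length": "512"},
    {"Content-Type": "%{(#cmd='PLACEHOLDER')}", "Content-Length": "0"},
    {"Content-Disposition": 'form-data; name="f"; filename="${PLACEHOLDER}"'},
]

if __name__ == "__main__":
    print({v: is_affected(v) for v in ("2.3.31", "2.3.32", "2.5.10", "2.5.10.1")})
    print([suspicious_headers(s) for s in SAMPLES])
```

A header match is a triage signal for WAF or log review, not proof of compromise; the version check is what decides whether the host needs the upgrade.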
https://www.tenable.com/blog/from-bugs-to-breaches-25-significant-cves-as-mitre-cve-turns-25
https://securelist.com/vulnerability-exploit-report-q2-2024/113455/
https://securityaffairs.com/155935/malware/nkabuse-abuses-nkn-technology.html
https://www.secureworks.com/research/gold-melody-profile-of-an-initial-access-broker?&web_view=true
https://www.tenable.com/cyber-exposure/2020-threat-landscape-retrospective
https://www.cisa.gov/news-events/cybersecurity-advisories/aa20-133a
https://www.tenable.com/blog/new-apache-struts-vulnerability-could-allow-for-remote-code-execution
https://www.symantec.com/security-center/network-protection-security-advisories/SA145
https://www.kb.cert.org/vuls/id/834067
https://www.exploit-db.com/exploits/41614/
https://twitter.com/theog150/status/841146956135124993
https://support.lenovo.com/us/en/product_security/len-14200
https://struts.apache.org/docs/s2-046.html
https://struts.apache.org/docs/s2-045.html
https://security.netapp.com/advisory/ntap-20170310-0001/
https://packetstormsecurity.com/files/141494/S2-45-poc.py.txt
https://nmap.org/nsedoc/scripts/http-vuln-cve2017-5638.html
https://isc.sans.edu/diary/22169
https://h20566.www2.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbhf03723en_us
https://h20566.www2.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbgn03749en_us
https://h20566.www2.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbgn03733en_us
https://github.com/rapid7/metasploit-framework/issues/8064
https://github.com/mazen160/struts-pwn
https://exploit-db.com/exploits/41570
https://cwiki.apache.org/confluence/display/WW/S2-046
https://cwiki.apache.org/confluence/display/WW/S2-045
http://www.securitytracker.com/id/1037973
http://www.securityfocus.com/bid/96729
http://www.oracle.com/technetwork/security-advisory/cpujul2017-3236622.html
http://www.eweek.com/security/apache-struts-vulnerability-under-attack.html
http://www.arubanetworks.com/assets/alert/ARUBA-PSA-2017-002.txt
http://blog.talosintelligence.com/2017/03/apache-0-day-exploited.html