CVE-2017-5638

critical

Description

The Jakarta Multipart parser in Apache Struts 2 2.3.x before 2.3.32 and 2.5.x before 2.5.10.1 has incorrect exception handling and error-message generation during file-upload attempts, which allows remote attackers to execute arbitrary commands via a crafted Content-Type, Content-Disposition, or Content-Length HTTP header, as exploited in the wild in March 2017 with a Content-Type header containing a #cmd= string.

From the Tenable Blog

Apache Struts Jakarta Remote Code Execution (CVE-2017-5638) Detection with Nessus
Apache Struts Jakarta Remote Code Execution (CVE-2017-5638) Detection with Nessus

Published: 2017-03-14

A remote code execution vulnerability (CVE-2017-5638) in the Jakarta Multipart Parser in certain versions of the Apache Struts framework can enable a remote attacker to run arbitrary commands on the web server. Since its initial disclosure, this vulnerability has received significant attention, and is reportedly exploited in the wild. Public exploits are also available for this vulnerability.

References

https://www.theregister.com/2024/12/12/apache_struts_2_vuln/

https://www.tenable.com/blog/from-bugs-to-breaches-25-significant-cves-as-mitre-cve-turns-25

https://securelist.com/vulnerability-exploit-report-q2-2024/113455/

https://blog.checkpoint.com/security/march-2024s-most-wanted-malware-hackers-discover-new-infection-chain-method-to-deliver-remcos/

https://securityaffairs.com/155935/malware/nkabuse-abuses-nkn-technology.html

https://www.secureworks.com/research/gold-melody-profile-of-an-initial-access-broker?&web_view=true

https://www.tenable.com/cyber-exposure/2020-threat-landscape-retrospective

https://www.tenable.com/blog/cve-2019-0230-apache-struts-potential-remote-code-execution-vulnerability

https://www.cisa.gov/news-events/cybersecurity-advisories/aa20-133a

https://www.tenable.com/blog/new-apache-struts-vulnerability-could-allow-for-remote-code-execution

https://www.symantec.com/security-center/network-protection-security-advisories/SA145

https://www.kb.cert.org/vuls/id/834067

https://www.imperva.com/blog/2017/03/cve-2017-5638-new-remote-code-execution-rce-vulnerability-in-apache-struts-2/

https://www.exploit-db.com/exploits/41614/

https://twitter.com/theog150/status/841146956135124993

https://support.lenovo.com/us/en/product_security/len-14200

https://struts.apache.org/docs/s2-046.html

https://struts.apache.org/docs/s2-045.html

https://security.netapp.com/advisory/ntap-20170310-0001/

https://packetstormsecurity.com/files/141494/S2-45-poc.py.txt

https://nmap.org/nsedoc/scripts/http-vuln-cve2017-5638.html

https://lists.apache.org/thread.html/r90890afea72a9571d666820b2fe5942a0a5f86be406fa31da3dd0922%40%3Cannounce.apache.org%3E

https://lists.apache.org/thread.html/r6d03e45b81eab03580cf7f8bb51cb3e9a1b10a2cc0c6a2d3cc92ed0c%40%3Cannounce.apache.org%3E

https://lists.apache.org/thread.html/r1125f3044a0946d1e7e6f125a6170b58d413ebd4a95157e4608041c7%40%3Cannounce.apache.org%3E

https://isc.sans.edu/diary/22169

https://h20566.www2.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbhf03723en_us

https://h20566.www2.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbgn03749en_us

https://h20566.www2.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbgn03733en_us

https://github.com/rapid7/metasploit-framework/issues/8064

https://github.com/mazen160/struts-pwn

https://git1-us-west.apache.org/repos/asf?p=struts.git%3Ba=commit%3Bh=6b8272ce47160036ed120a48345d9aa884477228

https://git1-us-west.apache.org/repos/asf?p=struts.git%3Ba=commit%3Bh=352306493971e7d5a756d61780d57a76eb1f519a

https://exploit-db.com/exploits/41570

https://cwiki.apache.org/confluence/display/WW/S2-046

https://cwiki.apache.org/confluence/display/WW/S2-045

https://arstechnica.com/security/2017/03/critical-vulnerability-under-massive-attack-imperils-high-impact-sites/

http://www.securitytracker.com/id/1037973

http://www.securityfocus.com/bid/96729

http://www.oracle.com/technetwork/security-advisory/cpujul2017-3236622.html

http://www.eweek.com/security/apache-struts-vulnerability-under-attack.html

http://www.arubanetworks.com/assets/alert/ARUBA-PSA-2017-002.txt

http://blog.trendmicro.com/trendlabs-security-intelligence/cve-2017-5638-apache-struts-vulnerability-remote-code-execution/

http://blog.talosintelligence.com/2017/03/apache-0-day-exploited.html

Details

Source: Mitre, NVD

Published: 2017-03-11

Updated: 2024-11-21

Risk Information

CVSS v2

Base Score: 10

Vector: CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C

Severity: Critical

CVSS v3

Base Score: 9.8

Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Severity: Critical