Detections
Analytics
Apache Struts 2 RCE (CVE-2017-5638) (deprecated)
critical Nessus Network Monitor Plugin ID 700055
Synopsis
A payload has been detected that targets a critical vulnerability found in versions of Apache Struts 2.Description
The remote web server is being targeted by an Apache Struts 2 exploitation attempt. Versions of Apache Struts 2.5.x prior to 2.5.10.1 and 2.3.x prior to 2.3.32 are affected by a flaw that is triggered when handling invalid Content-Type, Content-Disposition, or Content-Length values for uploaded files using the Jakarta Multipart parser. This may allow a remote attacker to potentially execute arbitrary code.Solution
A remote service is attempting to exploit an Apache Struts vulnerability. Ensure that Apache Struts is patched with the latest available version, inspect the system for malicious code, and follow appropriate incident response procedures.See Also
http://www.securityweek.com/apache-struts-flaw-used-deliver-cerber-ransomware
https://threatpost.com/apache-struts-2-exploits-installing-cerber-ransomware/124844
https://github.com/apache/struts/commit/b06dd50af2a3319dd896bf5c2f4972d2b772cf2b
Plugin Details
Severity: Critical
ID: 700055
Family: Web Servers
Published: 4/12/2017
Updated: 3/6/2019
Risk Information
VPR
Risk Factor: Critical
Score: 9.2
CVSS v2
Risk Factor: Critical
Base Score: 10
Temporal Score: 8.7
Vector: CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C
CVSS v3
Risk Factor: Critical
Base Score: 9.8
Temporal Score: 9.4
Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Temporal Vector: CVSS:3.0/E:X/RL:O/RC:C
Vulnerability Information
CPE: cpe:/a:apache:struts
Patch Publication Date: 3/6/2017
Vulnerability Publication Date: 3/6/2017
Exploitable With
Metasploit (Apache Struts Jakarta Multipart Parser OGNL Injection)
Reference Information
CVE: CVE-2017-5638
BID: 96729