Apache Struts 2 Vulnerability Leads to Remote Code Execution (CVE-2017-5638)

Description: The Jakarta Multipart parser in Apache Struts 2 2.3.x before 2.3.32 and 2.5.x before 2.5.10.1 mishandles file upload, which allows remote attackers to execute arbitrary commands via a #cmd= string in a crafted Content-Type HTTP header, as exploited in the wild in March 2017.

Impact: This vulnerability allows for unauthenticated, remote code execution on the server.

Mitigation:  

  1. Upgrade to Struts 2.3.32 or Struts 2.5.10.1.
  2. Implement a Servlet filter that validates the Content-Type header and throws away requests whose value is suspicious or does not match multipart/form-data.
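The following servlet filter is an added example of mitigation step 2; it is not code from this advisory or from the Apache Struts project, and the class, logger and filter names are our own. It rejects, before the Struts multipart machinery sees them, any Content-Type value that is longer than a normal media type, contains OGNL expression markers (`%{`, `${`, `#`), or fails a conservative media-type grammar, and it requires anything mentioning "multipart" to be exactly `multipart/form-data` with well-formed parameters. The filter is a stopgap for deployments that cannot upgrade immediately; step 1 is the fix.

```java
// Added example (not from the advisory or Apache Struts): a servlet filter
// that validates Content-Type so malformed values never reach the Jakarta
// Multipart parser. Class, logger and method names are ours.
import java.io.IOException;
import java.util.Locale;
import java.util.logging.Logger;
import java.util.regex.Pattern;

import javax.servlet.Filter;
import javax.servlet.FilterChain;
import javax.servlet.FilterConfig;
import javax.servlet.ServletException;
import javax.servlet.ServletRequest;
import javax.servlet.ServletResponse;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;

public class ContentTypeValidationFilter implements Filter {

    private static final Logger LOG = Logger.getLogger(ContentTypeValidationFilter.class.getName());

    // Conservative media-type grammar: type/subtype plus optional ";name=value"
    // parameters. Parameter values may be quoted or bare; the bare character set
    // covers RFC 2046 boundary characters, which is all a normal upload needs.
    private static final Pattern MEDIA_TYPE = Pattern.compile(
        "^[a-z0-9.+-]+/[a-z0-9.+-]+"
        + "(\\s*;\\s*[a-z0-9_.-]+=(\"[^\"]*\"|[a-z0-9_.:+/='()?,-]+))*\\s*$",
        Pattern.CASE_INSENSITIVE);

    // Legitimate Content-Type values, boundary included, are far shorter than this.
    private static final int MAX_LENGTH = 256;

    /** Returns true when the header value should be discarded before Struts parses it. */
    static boolean isSuspicious(String contentType) {
        if (contentType == null) {
            return false;                       // no body to parse, nothing to validate
        }
        if (contentType.length() > MAX_LENGTH) {
            return true;
        }
        String lower = contentType.toLowerCase(Locale.ROOT);
        // Expression-language markers have no place in a media type.
        if (lower.contains("%{") || lower.contains("${") || lower.contains("#")) {
            return true;
        }
        if (lower.contains("multipart")) {
            // Only canonical multipart/form-data with well-formed parameters is allowed through.
            return !lower.startsWith("multipart/form-data") || !MEDIA_TYPE.matcher(lower).matches();
        }
        return !MEDIA_TYPE.matcher(lower).matches();
    }

    @Override
    public void doFilter(ServletRequest req, ServletResponse res, FilterChain chain)
            throws IOException, ServletException {
        HttpServletRequest request = (HttpServletRequest) req;
        String contentType = request.getHeader("Content-Type");
        if (isSuspicious(contentType)) {
            // Log the source and length, not the raw header, so attacker-controlled
            // text is not written verbatim into the log; the event is still a useful
            // detection signal for the SOC.
            LOG.warning("Rejected request with suspicious Content-Type from "
                + request.getRemoteAddr() + " (length " + contentType.length() + ")");
            ((HttpServletResponse) res).sendError(HttpServletResponse.SC_BAD_REQUEST);
            return;
        }
        chain.doFilter(req, res);
    }

    @Override public void init(FilterConfig config) { }
    @Override public void destroy() { }

    // Stand-alone check against constructed header values (not real traffic).
    public static void main(String[] args) {
        String[] samples = {
            "multipart/form-data; boundary=----ConstructedBoundary123",   // allowed
            "application/x-www-form-urlencoded",                          // allowed
            "text/plain; charset=utf-8",                                   // allowed
            "multipart/form-data; boundary=%{#constructed}",              // rejected: expression markers
            "multipart/mixed; boundary=abc",                               // rejected: not form-data
            "not a media type at all"                                      // rejected: fails grammar
        };
        for (String s : samples) {
            System.out.println((isSuspicious(s) ? "REJECT  " : "ALLOW   ") + s);
        }
    }
}
```

Register the filter in web.xml with a `<filter-mapping>` that appears before the mapping for `StrutsPrepareAndExecuteFilter`, because servlet filters run in the order of their mappings and this check only helps if it executes first. The media-type grammar is deliberately narrower than the RFC token syntax; if an application relies on an unusual but legitimate parameter character, widen the character class rather than dropping the expression-marker check.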

Reference URLs:
