Lucene search

CISACISA-KEV-CVE-2017-5638

HistoryNov 03, 2021 - 12:00 a.m.

Apache Struts Remote Code Execution Vulnerability

2021-11-0300:00:00

CISA

www.cisa.gov

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:L/Au:N/C:C/I:C/A:C

CVSS3

9.8

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

EPSS

0.966

Percentile

99.7%

JSON

Apache Struts Jakarta Multipart parser allows for malicious file upload using the Content-Type value, leading to remote code execution.

myhack58

Apache Struts2 exposure arbitrary code execution vulnerability (S2-045,CVE-2017-5638)-vulnerability warning-the black bar safety net

2017-03-07 00:00:00

Apache Struts2 high-risk vulnerabilities cause the Enterprise Server is the invasion mounted KoiMiner mining Trojan-vulnerability warning-the black bar safety net

2018-07-10 00:00:00

About Apache Struts2（S2-045）vulnerability briefings-vulnerability warning-the black bar safety net

2017-03-07 00:00:00

packetstorm

Apache Struts 2 2.3.x / 2.5.x Remote Code Execution

2017-03-10 00:00:00

Apache Struts Jakarta Multipart Parser OGNL Injection

2017-03-14 00:00:00

hackerone

U.S. Dept Of Defense: Remote Code Execution (RCE) in a DoD website

2017-03-09 17:59:08

U.S. Dept Of Defense: Remote Code Execution (RCE) in a DoD website

2017-03-13 13:22:29

U.S. Dept Of Defense: Remote code execution vulnerability on a DoD website

2017-03-13 04:14:12

canvas

Immunity Canvas: STRUTS_OGNL

2017-03-11 02:59:00

malwarebytes

Equifax breach: What you need to know [updated]

2017-09-08 07:02:47

qualysblog

How To Prioritize Vulnerabilities in a Modern IT Environment

2018-05-07 16:00:10

The Sky Is Falling! Responding Rationally to Headline Vulnerabilities

2018-04-19 23:00:03

Cryptomining is all the rage among hackers, as DDoS amplification attacks continue

2018-03-09 21:45:09

threatpost

Equifax to Pay $700 Million in 2017 Data Breach Settlement

2019-07-22 14:31:39

Equifax Says 2.4 Million More People Impacted By Massive 2017 Breach

2018-03-02 15:12:57

Attacks Heating Up Against Apache Struts 2 Vulnerability

2017-03-09 12:25:46

ibm

Security Bulletin: A vulnerability in Apache Struts affects the IBM FlashSystem model V840

2018-06-18 00:32:46

Security Bulletin: Apache Struts v2 Jakarta Multipart parser code execution affects IBM Platform Cluster Manager Standard Edition, IBM Platform Cluster Manager Advanced Edition, Platform HPC, and Spectrum Cluster Foundation (CVE-2017-5638)

2018-06-18 01:35:33

Security Bulletin: A vulnerability in Apache Struts affects the IBM FlashSystem models 840 and 900

2023-02-18 01:45:50

nessus

Apache Struts 2.3.5 - 2.3.31 / 2.5.x < 2.5.10.1 Jakarta Multipart Parser RCE (remote)

2017-03-08 00:00:00

Apache Struts 2.3.5 - 2.3.31 / 2.5.x < 2.5.10.1 Jakarta Multipart Parser RCE (S2-045) (S2-046)

2017-03-07 00:00:00

Apache Struts 2 RCE (CVE-2017-5638) (deprecated)

2017-04-12 00:00:00

openvas

Atlassian Bamboo Struts2 RCE Vulnerability

2017-03-15 00:00:00

Cisco Unified Communications Manager Apache Struts2 Jakarta Multipart Parser File Upload Code Execution Vulnerability (cisco-sa-20170310-struts2)

2017-03-14 00:00:00

VMware vRealize Operations Apache Struts2 RCE Vulnerability (VMSA-2017-0004)

2017-03-31 00:00:00

atlassian

Apache Struts 2 Remote Code Execution (CVE-2017-5638)

2017-03-10 04:31:09

Apache Struts 2 Remote Code Execution (CVE-2017-5638)

2017-03-10 04:57:51

Apache Struts 2 Remote Code Execution (CVE-2017-5638)

2017-03-10 04:57:51

krebs

Equifax Hackers Stole 200k Credit Card Accounts in One Fell Swoop

2017-09-14 18:03:12

lenovo

Apache Struts Open Source Framework Remote Code Execution - us

2017-06-09 00:00:00

Apache Struts Open Source Framework Remote Code Execution - Lenovo Support US

2017-06-09 00:00:00

kitploit

struts-pwn - An exploit for Apache Struts CVE-2017-5638

2017-03-14 13:34:00

strutszeiro - Telegram Bot to manage botnets created with struts vulnerability (CVE-2017-5638)

2017-03-14 17:30:00

Struts2Shell - Interactive Shell Command to Exploit Apache Struts CVE-2017-5638

2017-03-17 14:22:00

thn

UK Regulator Fines Equifax £500,000 Over 2017 Data Breach

2018-09-20 13:54:00

New Apache Struts Zero-Day Vulnerability Being Exploited in the Wild

2017-03-09 01:03:00

Whoops, Turns Out 2.5 Million More Americans Were Affected By Equifax Breach

2017-10-02 21:23:00

saint

Apache Struts 2 Jakarta Multipart Parser file upload command execution

2017-03-16 00:00:00

Apache Struts 2 Jakarta Multipart Parser file upload command execution

2017-03-16 00:00:00

Apache Struts 2 Jakarta Multipart Parser file upload command execution

2017-03-16 00:00:00

osv

CVE-2017-5638

2017-03-11 02:59:00

Apache Struts vulnerable to remote arbitrary command execution due to improper input validation

2018-10-18 19:24:26

K43451236 : Apache Struts 2 vulnerability CVE-2017-5638

2017-03-09 00:00:00

securelist

Unveiling NKAbuse: a new multiplatform threat abusing the NKN protocol

2023-12-14 13:00:40

trendmicroblog

Linux is secure…right?

2017-06-15 19:00:13

Sound, Fury, And Nothing One Year After Equifax

2018-09-07 12:00:34

TippingPoint Threat Intelligence and Zero-Day Coverage – Week of September 11, 2017

2017-09-15 14:59:53

seebug

S2-046: Struts 2 Remote Code Execution vulnerability（CVE-2017-5638）

2017-03-21 00:00:00

S2-045: Struts 2 Remote Code Execution vulnerability（CVE-2017-5638）

2017-03-06 00:00:00

cisco

Apache Struts2 Jakarta Multipart Parser File Upload Code Execution Vulnerability Affecting Cisco Products

2017-03-10 19:30:00

vmware

VMware product updates resolve remote code execution vulnerability via Apache Struts 2

2017-03-13 00:00:00

VMware product updates resolve remote code execution vulnerability via Apache Struts 2

2017-03-13 00:00:00

cve

CVE-2017-5638

2017-03-11 02:59:00

cert

Apache Struts 2 is vulnerable to remote code execution

2017-03-14 00:00:00

cloudfoundry

CVE-2017-5638: Apache Struts Remote Code Execution | Cloud Foundry

2017-03-14 00:00:00

zdt

Apache Struts Jakarta Multipart Parser OGNL Injection Exploit

2017-03-15 00:00:00

Apache Struts 2 2.3.x / 2.5.x Remote Code Execution Exploit

2017-03-12 00:00:00

checkpoint_advisories

Apache Struts 2 Content-Disposition Remote Code Execution (CVE-2017-5638)

2017-08-09 00:00:00

Apache Struts2 Content-Type Remote Code Execution (CVE-2017-5638)

2017-03-07 00:00:00

huawei

Security Advisory - Apache Struts2 Remote Code Execution Vulnerability in Huawei Products

2017-03-16 00:00:00

github

Apache Struts vulnerable to remote arbitrary command execution due to improper input validation

2018-10-18 19:24:26

The GitHub Security Lab’s journey to disclosing 500 CVEs in open source projects

2023-09-21 20:56:46

Bypassing OGNL sandboxes for fun and charities

2023-01-27 16:00:49

veracode

Remote Code Execution (RCE) Through Jakarta Multipart Parser

2017-03-09 12:39:55

nuclei

Apache Struts 2 - Remote Command Execution

2020-08-19 13:13:31

cvelist

CVE-2017-5638

2017-03-11 02:11:00

nvd

CVE-2017-5638

2017-03-11 02:59:00

impervablog

Keeping Your WAF Relevant: Emergency Feed Pushes New Mitigations in Just Hours

2018-04-26 19:01:59

Two New Trends Make Early Breach Detection and Prevention a Security Imperative

2022-08-31 13:47:34

Clustering App Attacks with Machine Learning Part 3: Algorithm Results

2018-06-19 22:41:03

rapid7community

Apache Struts Vulnerability (CVE-2017-5638) Exploit Traffic

2017-03-15 14:29:55

attackerkb

CVE-2017-5638

2017-03-11 00:00:00

CVE-2019-0230

2020-09-14 00:00:00

redhatcve

CVE-2017-5638

2017-03-08 11:53:37

ubuntucve

CVE-2017-5638

2017-03-11 00:00:00

prion

Design/Logic Flaw

2017-03-11 02:59:00

pentestit

UPDATE: Infection Monkey 1.6.1

2018-12-03 22:28:53

JexBoss: Java Deserialization Verification & EXploitation Tool!

2017-08-11 06:52:45

talosblog

Another Apache Struts Vulnerability Under Active Exploitation

2017-09-07 15:42:00

2017 in Snort Signatures.

2018-01-29 11:37:00

Cryptocurrency miners aren’t dead yet: Documenting the voracious but simple “Panda”

2019-09-17 08:09:45

nmap

http-vuln-cve2017-5638 NSE Script

2017-03-10 17:53:45

ics

Top 10 Routinely Exploited Vulnerabilities

2020-05-12 12:00:00

oracle

Oracle Critical Patch Update Advisory - July 2017

2018-03-20 00:00:00

Oracle Critical Patch Update Advisory - April 2017

2017-04-18 00:00:00

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:L/Au:N/C:C/I:C/A:C

CVSS3

9.8

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

EPSS

0.966

Percentile

99.7%

JSON

Apache Struts Remote Code Execution Vulnerability

Related