Cisco: CISCO-SA-20170310-STRUTS2
Mar 10, 2017 - 7:30 p.m.

Apache Struts2 Jakarta Multipart Parser File Upload Code Execution Vulnerability Affecting Cisco Products

2017-03-10 19:30:00
tools.cisco.com
CVSS2: 10
Attack Vector: NETWORK
Attack Complexity: LOW
Authentication: NONE
Confidentiality Impact: COMPLETE
Integrity Impact: COMPLETE
Availability Impact: COMPLETE
Vector: AV:N/AC:L/Au:N/C:C/I:C/A:C

CVSS3: 10
Attack Vector: NETWORK
Attack Complexity: LOW
Privileges Required: NONE
User Interaction: NONE
Scope: CHANGED
Confidentiality Impact: HIGH
Integrity Impact: HIGH
Availability Impact: HIGH
Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H

EPSS: 0.975
Percentile: 100.0%

On March 6, 2017, Apache disclosed a vulnerability in the Jakarta Multipart parser used in Apache Struts2 that could allow an attacker to execute commands remotely on a targeted system by using a crafted Content-Type, Content-Disposition, or Content-Length value.

This vulnerability has been assigned CVE-ID CVE-2017-5638.

This advisory is available at the following link:
https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170310-struts2

Affected configurations

Vulners node (entries joined by OR):
cisco emergency_responder, match any
cisco unity_connection, match any
cisco unified_contact_center_express, match any
cisco identity_services_engine_software, match any
cisco hosted_collaboration_solution, match any
cisco finesse, match any
cisco socialminer, match any
cisco mediasense, match any
cisco unified_sip_proxy, match any
cisco unified_intelligence_center, match any
cisco prime_service_catalog, match any
cisco prime_license_manager, match any
cisco hosted_collaboration_mediation_fulfillment, match any
