Apache Struts2 released a remote code execution vulnerability in S2-045 on the official website. An attacker is possible to perform a RCE (Remote Code Execution) attack with a malicious Content-Type value. (Vulnerability ID: HWPSIRT-2017-03094)
This vulnerability has been assigned a CVE ID: CVE-2017-5638.
Huawei has released software updates to fix this vulnerability. This advisory is available at the following link:
http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20170316-01-struts2-en

CPENameOperatorVersion
anyofficeeqV200R005C00
smsgweqV100R002C01
smsgweqV100R002C11
smsgweqV100R003C01
secospace antiddos8000eqV100R001C00
secospace antiddos8000eqV500R001C00
secospace antiddos8000eqV500R001C20
espace ecseqV200R002C00
espace ecseqV200R003C00
espace ecseqV200R003C10

Name	Operator	Version
anyoffice	eq	V200R005C00
smsgw	eq	V100R002C01
smsgw	eq	V100R002C11
smsgw	eq	V100R003C01
secospace antiddos8000	eq	V100R001C00
secospace antiddos8000	eq	V500R001C00
secospace antiddos8000	eq	V500R001C20
espace ecs	eq	V200R002C00
espace ecs	eq	V200R003C00
espace ecs	eq	V200R003C10

Rows per page:

1-10 of 361

malwarebytes 1

packetstorm 2

threatpost 18

myhack58 8

qualysblog 6

ibm 10

openvas 13

hackerone 3

nessus 9

canvas 1

osv 2

thn 10

krebs 1

atlassian 4

lenovo 2

saint 3

kitploit 10

f5 1

trendmicroblog 3

securelist 1

seebug 2

cisco 1

cisa_kev 1

vmware 2

checkpoint_advisories 2

zdt 2

impervablog 9

cloudfoundry 1

cve 1

nuclei 1

github 3

cert 1

veracode 1

rapid7community 1

redhatcve 1

prion 1

ubuntucve 1

attackerkb 2

pentestit 2

talosblog 4

nmap 1

ics 1

oracle 2

malwarebytes

Equifax breach: What you need to know [updated]

2017-09-08 07:02:47

packetstorm

Apache Struts 2 2.3.x / 2.5.x Remote Code Execution

2017-03-10 00:00:00

Apache Struts Jakarta Multipart Parser OGNL Injection

2017-03-14 00:00:00

threatpost

Equifax to Pay $700 Million in 2017 Data Breach Settlement

2019-07-22 14:31:39

Equifax Says 2.4 Million More People Impacted By Massive 2017 Breach

2018-03-02 15:12:57

Attacks Heating Up Against Apache Struts 2 Vulnerability

2017-03-09 12:25:46

myhack58

Apache Struts2 exposure arbitrary code execution vulnerability (S2-045,CVE-2017-5638)-vulnerability warning-the black bar safety net

2017-03-07 00:00:00

Apache Struts2 high-risk vulnerabilities cause the Enterprise Server is the invasion mounted KoiMiner mining Trojan-vulnerability warning-the black bar safety net

2018-07-10 00:00:00

About Apache Struts2（S2-045）vulnerability briefings-vulnerability warning-the black bar safety net

2017-03-07 00:00:00

qualysblog

How To Prioritize Vulnerabilities in a Modern IT Environment

2018-05-07 16:00:10

The Sky Is Falling! Responding Rationally to Headline Vulnerabilities

2018-04-19 23:00:03

Cryptomining is all the rage among hackers, as DDoS amplification attacks continue

2018-03-09 21:45:09

ibm

Security Bulletin: Apache Struts v2 Jakarta Multipart parser code execution affects IBM Platform Cluster Manager Standard Edition, IBM Platform Cluster Manager Advanced Edition, Platform HPC, and Spectrum Cluster Foundation (CVE-2017-5638)

2018-06-18 01:35:33

Security Bulletin: A vulnerability in Apache Struts affects the IBM FlashSystem model V840

2018-06-18 00:32:46

Security Bulletin: IBM OpenPages GRC Platform Web Applications are not vulnerable to (CVE-2017-5638)

2018-06-15 22:49:16

openvas

Atlassian Bamboo Struts2 RCE Vulnerability

2017-03-15 00:00:00

Cisco Unified Communications Manager Apache Struts2 Jakarta Multipart Parser File Upload Code Execution Vulnerability

2017-03-14 00:00:00

VMSA-201-0004: vRealize Operations (vROps) Remote Code Execution Vulnerability Via Apache Struts 2

2017-03-31 00:00:00

hackerone

U.S. Dept Of Defense: Remote Code Execution (RCE) in a DoD website

2017-03-09 17:59:08

U.S. Dept Of Defense: Remote code execution vulnerability on a DoD website

2017-03-13 04:14:12

U.S. Dept Of Defense: Remote Code Execution (RCE) in a DoD website

2017-03-13 13:22:29

nessus

Apache Struts 2.3.5 - 2.3.31 / 2.5.x < 2.5.10.1 Jakarta Multipart Parser RCE (remote)

2017-03-08 00:00:00

Apache Struts 2 RCE (CVE-2017-5638) (deprecated)

2017-04-12 00:00:00

Apache Struts 2.3.5 - 2.3.31 / 2.5.x < 2.5.10.1 Jakarta Multipart Parser RCE (S2-045) (S2-046)

2017-03-07 00:00:00

canvas

Immunity Canvas: STRUTS_OGNL

2017-03-11 02:59:00

osv

CVE-2017-5638

2017-03-11 02:59:00

Apache Struts vulnerable to remote arbitrary command execution due to improper input validation

2018-10-18 19:24:26

thn

UK Regulator Fines Equifax £500,000 Over 2017 Data Breach

2018-09-20 13:54:00

New Apache Struts Zero-Day Vulnerability Being Exploited in the Wild

2017-03-09 01:03:00

New NKAbuse Malware Exploits NKN Blockchain Tech for DDoS Attacks

2023-12-15 05:25:00

krebs

Equifax Hackers Stole 200k Credit Card Accounts in One Fell Swoop

2017-09-14 18:03:12

atlassian

Apache Struts 2 Remote Code Execution (CVE-2017-5638)

2017-03-10 04:31:09

Apache Struts 2 Remote Code Execution (CVE-2017-5638)

2017-03-10 04:57:51

Apache Struts 2 Remote Code Execution (CVE-2017-5638)

2017-03-10 04:57:51

lenovo

Apache Struts Open Source Framework Remote Code Execution - us

2017-06-09 00:00:00

Apache Struts Open Source Framework Remote Code Execution - Lenovo Support US

2017-06-09 00:00:00

saint

Apache Struts 2 Jakarta Multipart Parser file upload command execution

2017-03-16 00:00:00

Apache Struts 2 Jakarta Multipart Parser file upload command execution

2017-03-16 00:00:00

Apache Struts 2 Jakarta Multipart Parser file upload command execution

2017-03-16 00:00:00

kitploit

struts-pwn - An exploit for Apache Struts CVE-2017-5638

2017-03-14 13:34:00

Struts2Shell - Interactive Shell Command to Exploit Apache Struts CVE-2017-5638

2017-03-17 14:22:00

strutszeiro - Telegram Bot to manage botnets created with struts vulnerability (CVE-2017-5638)

2017-03-14 17:30:00

K43451236 : Apache Struts 2 vulnerability CVE-2017-5638

2017-03-09 00:00:00

trendmicroblog

Linux is secure…right?

2017-06-15 19:00:13

Sound, Fury, And Nothing One Year After Equifax

2018-09-07 12:00:34

TippingPoint Threat Intelligence and Zero-Day Coverage – Week of September 11, 2017

2017-09-15 14:59:53

securelist

Unveiling NKAbuse: a new multiplatform threat abusing the NKN protocol

2023-12-14 13:00:40

seebug

S2-046: Struts 2 Remote Code Execution vulnerability（CVE-2017-5638）

2017-03-21 00:00:00

S2-045: Struts 2 Remote Code Execution vulnerability（CVE-2017-5638）

2017-03-06 00:00:00

cisco

Apache Struts2 Jakarta Multipart Parser File Upload Code Execution Vulnerability Affecting Cisco Products

2017-03-10 19:30:00

cisa_kev

Apache Struts Remote Code Execution Vulnerability

2021-11-03 00:00:00

vmware

VMware product updates resolve remote code execution vulnerability via Apache Struts 2

2017-03-13 00:00:00

VMware product updates resolve remote code execution vulnerability via Apache Struts 2

2017-03-13 00:00:00

checkpoint_advisories

Apache Struts 2 Content-Disposition Remote Code Execution (CVE-2017-5638)

2017-08-09 00:00:00

Apache Struts2 Content-Type Remote Code Execution (CVE-2017-5638)

2017-03-07 00:00:00

zdt

Apache Struts Jakarta Multipart Parser OGNL Injection Exploit

2017-03-15 00:00:00

Apache Struts 2 2.3.x / 2.5.x Remote Code Execution Exploit

2017-03-12 00:00:00

impervablog

Keeping Your WAF Relevant: Emergency Feed Pushes New Mitigations in Just Hours

2018-04-26 19:01:59

Two New Trends Make Early Breach Detection and Prevention a Security Imperative

2022-08-31 13:47:34

Clustering App Attacks with Machine Learning Part 3: Algorithm Results

2018-06-19 22:41:03

cloudfoundry

CVE-2017-5638: Apache Struts Remote Code Execution | Cloud Foundry

2017-03-14 00:00:00

cve

CVE-2017-5638

2017-03-11 02:59:00

nuclei

Apache Struts 2 - Remote Command Execution

2020-08-19 13:13:31

github

Apache Struts vulnerable to remote arbitrary command execution due to improper input validation

2018-10-18 19:24:26

The GitHub Security Lab’s journey to disclosing 500 CVEs in open source projects

2023-09-21 20:56:46

Bypassing OGNL sandboxes for fun and charities

2023-01-27 16:00:49

cert

Apache Struts 2 is vulnerable to remote code execution

2017-03-14 00:00:00

veracode

Remote Code Execution (RCE) Through Jakarta Multipart Parser

2017-03-09 12:39:55

rapid7community

Apache Struts Vulnerability (CVE-2017-5638) Exploit Traffic

2017-03-15 14:29:55

redhatcve

CVE-2017-5638

2017-03-08 11:53:37

prion

Design/Logic Flaw

2017-03-11 02:59:00

ubuntucve

CVE-2017-5638

2017-03-11 00:00:00

attackerkb

CVE-2017-5638

2017-03-11 00:00:00

CVE-2019-0230

2020-09-14 00:00:00

pentestit

UPDATE: Infection Monkey 1.6.1

2018-12-03 22:28:53

JexBoss: Java Deserialization Verification & EXploitation Tool!

2017-08-11 06:52:45

talosblog

2017 in Snort Signatures.

2018-01-29 11:37:00

Another Apache Struts Vulnerability Under Active Exploitation

2017-09-07 15:42:00

2018 in Snort Rules

2019-02-06 08:19:00

nmap

http-vuln-cve2017-5638 NSE Script

2017-03-10 17:53:45

ics

Top 10 Routinely Exploited Vulnerabilities

2020-05-12 12:00:00

oracle

Oracle Critical Patch Update Advisory - July 2017

2018-03-20 00:00:00

Oracle Critical Patch Update Advisory - April 2017

2017-04-18 00:00:00

Products

Security Intelligence
Non-intrusive assessment
Developers SDK
Windows scanner
Linux scanner
Perimeter control tool
MSSP

Database

Vulnerabilities
Exploits
IOC
Security News
BugBounty
Popular
Wild Exploited
Top Vulnerabilities

Tools

Linux Security Scanner
API integration
Subscriptions
Plugins
Manual Audit

Learn More

Stats
API
Docs
Api-keys
License
Pricing
Glossary
FAQ

Company

Blog
Contacts
About Us
OpenSource
EULA
Brand Guideline
Privacy Policy

This site is protected by reCAPTCHA and the Google Privacy Policy and Terms of Service apply. All product names, logos, and brands are property of their respective owners. All company, product and service names used in this website are for identification purposes only. Use of these names, logos, and brands does not imply endorsement.If you are an owner of some content and want it to be removed, please contact us. Using Vulners services you are accepting Vulners services end-user license agreement

@2024 Vulners Inc

10 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

CHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H

10 High

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:L/Au:N/C:C/I:C/A:C

0.975 High

EPSS

Percentile

100.0%

JSON

Related for HUAWEI-SA-20170316-01-STRUTS2