GoogleOSV:GHSA-J77Q-2QQG-6989Apache Struts vulnerable to remote arbitrary command execution due to improper input validation
10 High
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
NONE
Scope
CHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H
10 High
CVSS2
Access Vector
NETWORK
Access Complexity
LOW
Authentication
NONE
Confidentiality Impact
COMPLETE
Integrity Impact
COMPLETE
Availability Impact
COMPLETE
AV:N/AC:L/Au:N/C:C/I:C/A:C
0.975 High
EPSS
Percentile
100.0%
Apache Struts versions prior to 2.3.32 and 2.5.10.1 contain incorrect exception handling and error-message generation during file-upload attempts using the Jakarta Multipart parser, which allows remote attackers to execute arbitrary commands via a crafted Content-Type, Content-Disposition, or Content-Length HTTP header, as exploited in the wild in March 2017 with a Content-Type header containing a #cmd= string.
References
blog.talosintelligence.com/2017/03/apache-0-day-exploited.html
blog.trendmicro.com/trendlabs-security-intelligence/cve-2017-5638-apache-struts-vulnerability-remote-code-execution
www.arubanetworks.com/assets/alert/ARUBA-PSA-2017-002.txt
www.eweek.com/security/apache-struts-vulnerability-under-attack.html
www.oracle.com/technetwork/security-advisory/cpujul2017-3236622.html
arstechnica.com/security/2017/03/critical-vulnerability-under-massive-attack-imperils-high-impact-sites
cwiki.apache.org/confluence/display/WW/S2-045
cwiki.apache.org/confluence/display/WW/S2-046
exploit-db.com/exploits/41570
git1-us-west.apache.org/repos/asf?p=struts.git;a=commit;h=352306493971e7d5a756d61780d57a76eb1f519a
git1-us-west.apache.org/repos/asf?p=struts.git;a=commit;h=6b8272ce47160036ed120a48345d9aa884477228
github.com/advisories/GHSA-j77q-2qqg-6989
github.com/apache/struts
github.com/apache/struts/commit/352306493971e7d5a756d61780d57a76eb1f519a
github.com/apache/struts/commit/b06dd50af2a3319dd896bf5c2f4972d2b772cf2b
github.com/mazen160/struts-pwn
github.com/rapid7/metasploit-framework/issues/8064
h20566.www2.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbgn03733en_us
h20566.www2.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbgn03749en_us
h20566.www2.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbhf03723en_us
isc.sans.edu/diary/22169
lists.apache.org/thread.html/r1125f3044a0946d1e7e6f125a6170b58d413ebd4a95157e4608041c7@%3Cannounce.apache.org%3E
lists.apache.org/thread.html/r6d03e45b81eab03580cf7f8bb51cb3e9a1b10a2cc0c6a2d3cc92ed0c@%3Cannounce.apache.org%3E
lists.apache.org/thread.html/r90890afea72a9571d666820b2fe5942a0a5f86be406fa31da3dd0922@%3Cannounce.apache.org%3E
nmap.org/nsedoc/scripts/http-vuln-cve2017-5638.html
nvd.nist.gov/vuln/detail/CVE-2017-5638
packetstormsecurity.com/files/141494/S2-45-poc.py.txt
security.netapp.com/advisory/ntap-20170310-0001
struts.apache.org/docs/s2-045.html
struts.apache.org/docs/s2-046.html
support.lenovo.com/us/en/product_security/len-14200
twitter.com/theog150/status/841146956135124993
web.archive.org/web/20170311203630/www.securityfocus.com/bid/96729
web.archive.org/web/20170921030226/www.securitytracker.com/id/1037973
www.exploit-db.com/exploits/41614
www.imperva.com/blog/2017/03/cve-2017-5638-new-remote-code-execution-rce-vulnerability-in-apache-struts-2
www.kb.cert.org/vuls/id/834067
www.symantec.com/security-center/network-protection-security-advisories/SA145
Related
10 High
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
NONE
Scope
CHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H
10 High
CVSS2
Access Vector
NETWORK
Access Complexity
LOW
Authentication
NONE
Confidentiality Impact
COMPLETE
Integrity Impact
COMPLETE
Availability Impact
COMPLETE
AV:N/AC:L/Au:N/C:C/I:C/A:C
0.975 High
EPSS
Percentile
100.0%