Lucene search

K
seebugRootSSV:92804
HistoryMar 21, 2017 - 12:00 a.m.

S2-046: Struts 2 Remote Code Execution vulnerability(CVE-2017-5638)

2017-03-2100:00:00
Root
www.seebug.org
136

EPSS

0.975

Percentile

100.0%

It is possible to perform a RCE attack with a malicious Content-Disposition value or with improper Content-Length header. If the Content-Dispostion / Content-Length value is not valid an exception is thrown which is then used to display an error message to a user. This is a different vector for the same vulnerability described in S2-045 (CVE-2017-5638).