S2-046: Struts 2 Remote Code Execution vulnerability (CVE-2017-5638)

ID SSV:92804
Type seebug
Reporter Root
Modified 2017-03-21T00:00:00


It is possible to perform an RCE attack with a malicious Content-Disposition value or with an improper Content-Length header. If the Content-Disposition / Content-Length value is not valid, an exception is thrown, which is then used to display an error message to the user. This is a different vector for the same vulnerability described in S2-045 (CVE-2017-5638).
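
A defensive check for the two header conditions described above, added here as an example; it is not part of the original advisory or of Struts. It flags multipart requests whose Content-Length is malformed or over the upload limit, or whose Content-Disposition carries expression delimiters or control bytes. The helper names, the `max_size` value and the idea that hostile values contain `%{`, `${` or control characters are assumptions not stated on this page.

```python
import re

# Assumption (not from the advisory): hostile values carry expression
# delimiters or control bytes, which a legitimate filename never needs.
SUSPICIOUS = re.compile(r"%\{|\$\{|[\x00-\x08\x0b\x0c\x0e-\x1f]")

def check_multipart_headers(headers, part_dispositions, max_size):
    """Return findings for one request (hypothetical helper).

    headers: request headers; part_dispositions: Content-Disposition
    values of the multipart parts; max_size: the application's
    configured upload limit in bytes.
    """
    hdrs = {k.lower(): v for k, v in headers.items()}
    findings = []
    if not hdrs.get("content-type", "").lower().startswith("multipart/form-data"):
        return findings  # only multipart uploads are relevant here
    length = hdrs.get("content-length")
    if length is not None:
        if not re.fullmatch(r"[0-9]+", length.strip()):
            findings.append("content-length: malformed")
        elif int(length) > max_size:
            findings.append("content-length: over upload limit")
    for value in part_dispositions:
        if SUSPICIOUS.search(value):
            findings.append("content-disposition: expression or control bytes")
    return findings

# Constructed sample requests (not captured traffic).
MULTIPART = "multipart/form-data; boundary=xyz"
CLEAN_PART = ['form-data; name="upload"; filename="report.pdf"']
SAMPLES = {
    "benign": ({"Content-Type": MULTIPART, "Content-Length": "512"}, CLEAN_PART),
    "bad_disposition": ({"Content-Type": MULTIPART, "Content-Length": "512"},
                        ['form-data; name="upload"; filename="%{EXPR}\x00.txt"']),
    "bad_length": ({"Content-Type": MULTIPART, "Content-Length": "-1"}, CLEAN_PART),
    "oversized": ({"content-type": MULTIPART, "content-length": "9999999999"}, CLEAN_PART),
}

def scan_samples(max_size=2 * 1024 * 1024):  # limit value is an assumption
    return {name: check_multipart_headers(h, d, max_size)
            for name, (h, d) in SAMPLES.items()}

if __name__ == "__main__":
    for name, findings in scan_samples().items():
        print(name, findings or "clean")
```

Set `max_size` to the upload limit the application actually enforces, so that a request rejected by the parser is also one the check reports.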