CVE-2017-5638

Date: March 10, 2017

Overview

Apache Struts is a widely used open source web framework for developing robust Java applications. Affected versions are vulnerable to remote code execution that can result in complete system compromise.

Details

CVE-2017-5638 exists because the Jakarta Multipart Parser, a component of the Apache Struts framework, mishandles the Content-Type header during file uploads. An attacker can exploit the flaw by sending a maliciously crafted Content-Type HTTP header in a request. If the Jakarta Multipart Parser does not validate the file upload, an exception is thrown, which allows the attacker to perform remote code execution. Commands injected into the Content-Type HTTP header are executed on the vulnerable server with the privileges of the account running the server. No authentication is needed to exploit this vulnerability.

Affected Environments

Apache Struts 2 2.3.x before 2.3.32
Apache Struts 2.5.x before 2.5.10.1

Remediation

Apply a Servlet filter that validates Content-Type and discards any request with an unexpected value that does not match multipart/form-data.
Use a different implementation of the Multipart parser.
Remove the File Upload Interceptor from the stack: create your own custom stack and make it the default.
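
One way to write the Content-Type filter from the first remediation item, as an added example that is not code from Apache Struts or from this advisory. The class name, the 256-character limit and both patterns are assumptions, and the code targets the javax.servlet API.

```java
import java.io.IOException;
import java.util.Locale;
import java.util.regex.Pattern;
import javax.servlet.*;
import javax.servlet.http.HttpServletResponse;

// Added example (hypothetical class name). Map it ahead of the Struts filter in web.xml.
public class ContentTypeGuardFilter implements Filter {
    // Upload requests: exactly the media type plus one boundary parameter
    // (boundary alphabet and 70-character limit taken from RFC 2046).
    private static final Pattern MULTIPART = Pattern.compile(
        "(?i)multipart/form-data\\s*;\\s*boundary=\"?[0-9A-Za-z'()+_,./:=? -]{1,70}\"?");
    // Everything else: type/subtype plus simple parameters such as charset=UTF-8.
    // Deliberately narrower than the RFC grammar; widen only for values you really see.
    private static final Pattern GENERIC = Pattern.compile(
        "[A-Za-z0-9.+-]+/[A-Za-z0-9.+-]+(\\s*;\\s*[A-Za-z0-9_-]+=\"?[A-Za-z0-9_.-]+\"?)*");
    private ServletContext context;

    static boolean isAcceptable(String contentType) {
        if (contentType == null) return true;           // request carries no header
        if (contentType.length() > 256) return false;   // assumed upper bound
        String ct = contentType.trim();
        // Anything that mentions "multipart" must match the strict upload shape.
        if (ct.toLowerCase(Locale.ROOT).contains("multipart")) {
            return MULTIPART.matcher(ct).matches();
        }
        return ct.isEmpty() || GENERIC.matcher(ct).matches();
    }

    @Override
    public void init(FilterConfig config) { context = config.getServletContext(); }

    @Override
    public void doFilter(ServletRequest req, ServletResponse res, FilterChain chain)
            throws IOException, ServletException {
        String ct = req.getContentType();
        if (!isAcceptable(ct)) {
            // Log the length, not the raw value, so the header cannot inject into the log.
            context.log("Rejected Content-Type (" + ct.length() + " chars) from " + req.getRemoteAddr());
            ((HttpServletResponse) res).sendError(HttpServletResponse.SC_BAD_REQUEST);
            return;
        }
        chain.doFilter(req, res);
    }

    @Override
    public void destroy() { }
}
```

Rejections logged by this filter are also a useful detection signal on servers that have not yet been upgraded.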

Prevention

Upgrade to Apache Struts 2.3.32 or 2.5.10.1
Patch web servers with the latest software versions

Language: Java

Good to know:

Input Validation

CWE-20

Upgrade Version

Upgrade to version org.apache.struts:struts2-core:2.3.32, org.apache.struts:struts2-core:2.5.10.1

Base Score:
Attack Vector (AV): Network
Attack Complexity (AC): Low
Privileges Required (PR): None
User Interaction (UI): None
Scope (S): Changed
Confidentiality (C): High
Integrity (I): High
Availability (A): High
Base Score:
Access Vector (AV): Network
Access Complexity (AC): Low
Authentication (AU): None
Confidentiality (C): Complete
Integrity (I): Complete
Availability (A): Complete