Lucene search

CiscoCISCO-SA-20170310-STRUTS2

HistoryMar 10, 2017 - 7:30 p.m.

Apache Struts2 Jakarta Multipart Parser File Upload Code Execution Vulnerability Affecting Cisco Products

2017-03-1019:30:00

tools.cisco.com

422

10 High

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:L/Au:N/C:C/I:C/A:C

10 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

CHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H

0.975 High

EPSS

Percentile

100.0%

JSON

On March 6, 2017, Apache disclosed a vulnerability in the Jakarta Multipart parser used in Apache Struts2 that could allow an attacker to execute commands remotely on a targeted system by using a crafted Content-Type, Content-Disposition, or Content-Length value.

This vulnerability has been assigned CVE-ID CVE-2017-5638.

This advisory is available at the following link:
https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170310-struts2 [“https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170310-struts2”]

Affected configurations

Vulners

Node

ciscoemergency_responderMatchany

ciscounity_connectionMatchany

ciscounified_contact_center_expressMatchany

ciscoidentity_services_engine_softwareMatchany

ciscohosted_collaboration_solutionMatchany

ciscofinesseMatchany

ciscosocialminerMatchany

ciscomediasenseMatchany

ciscounified_sip_proxyMatchany

ciscounified_intelligence_centerMatchany

ciscoprime_service_catalogMatchany

ciscoprime_license_managerMatchany

ciscohosted_collaboration_mediation_fulfillmentMatchany

ciscoemergency_responderMatchany

ciscounity_connectionMatchany

ciscounified_contact_center_expressMatchany

ciscoidentity_services_engine_softwareMatchany

ciscohosted_collaboration_solutionMatchany

ciscofinesseMatchany

ciscosocialminerMatchany

ciscomediasenseMatchany

ciscounified_sip_proxyMatchany

ciscounified_intelligence_centerMatchany

ciscoprime_service_catalogMatchany

ciscoprime_license_managerMatchany

ciscohosted_collaboration_mediation_fulfillmentMatchany

CPENameOperatorVersion
cisco emergency respondereqany
cisco unity connectioneqany
cisco unified contact center expresseqany
cisco identity services engine softwareeqany
cisco hosted collaboration solutioneqany
cisco finesseeqany
cisco socialminereqany
cisco mediasenseeqany
cisco unified sip proxyeqany
cisco unified intelligence centereqany

Name	Operator	Version
cisco emergency responder	eq	any
cisco unity connection	eq	any
cisco unified contact center express	eq	any
cisco identity services engine software	eq	any
cisco hosted collaboration solution	eq	any
cisco finesse	eq	any
cisco socialminer	eq	any
cisco mediasense	eq	any
cisco unified sip proxy	eq	any
cisco unified intelligence center	eq	any