The instance of Selligent Message Studio running on the remote host is affected by CVE-2017-5638, a code execution vulnerability in Apache Struts (S2-045). A remote, unauthenticated attacker can exploit this issue, via a specially crafted HTTP request, to execute code on the remote host.

Binary data selligent_message_studio_rce.nbin

VendorProductVersionCPE
selligentselligent_message_studiox-cpe:/a:selligent:selligent_message_studio

Vendor	Product	Version	CPE
selligent	selligent_message_studio		x-cpe:/a:selligent:selligent_message_studio

References

cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5638

www.nessus.org/u?db0c2b7e

cwiki.apache.org/confluence/display/WW/S2-045

threatpost 18

ibm 10

packetstorm 2

nessus 8

openvas 14

malwarebytes 1

myhack58 8

hackerone 3

canvas 1

qualysblog 6

krebs 1

lenovo 2

kitploit 10

saint 3

osv 2

thn 10

f5 1

atlassian 4

redhatcve 1

checkpoint_advisories 2

ubuntucve 1

impervablog 9

prion 1

rapid7community 1

attackerkb 2

trendmicroblog 3

vmware 2

cisa_kev 1

securelist 1

seebug 2

cisco 1

zdt 2

veracode 1

cert 1

cloudfoundry 1

nuclei 1

cvelist 1

nvd 1

cve 1

huawei 1

github 3

pentestit 2

talosblog 4

nmap 1

ics 1

oracle 2

threatpost

Equifax to Pay $700 Million in 2017 Data Breach Settlement

2019-07-22 14:31:39

Attacks Heating Up Against Apache Struts 2 Vulnerability

2017-03-09 12:25:46

Equifax Says 2.4 Million More People Impacted By Massive 2017 Breach

2018-03-02 15:12:57

ibm

Security Bulletin: A vulnerability in Apache Struts affects the IBM FlashSystem model V840

2018-06-18 00:32:46

Security Bulletin: Apache Struts v2 Jakarta Multipart parser code execution affects IBM Platform Cluster Manager Standard Edition, IBM Platform Cluster Manager Advanced Edition, Platform HPC, and Spectrum Cluster Foundation (CVE-2017-5638)

2018-06-18 01:35:33

Security Bulletin: IBM OpenPages GRC Platform Web Applications are not vulnerable to (CVE-2017-5638)

2018-06-15 22:49:16

packetstorm

Apache Struts 2 2.3.x / 2.5.x Remote Code Execution

2017-03-10 00:00:00

Apache Struts Jakarta Multipart Parser OGNL Injection

2017-03-14 00:00:00

nessus

Apache Struts 2.3.5 - 2.3.31 / 2.5.x < 2.5.10.1 Jakarta Multipart Parser RCE (remote)

2017-03-08 00:00:00

Apache Struts 2.3.5 - 2.3.31 / 2.5.x < 2.5.10.1 Jakarta Multipart Parser RCE (S2-045) (S2-046)

2017-03-07 00:00:00

Apache Struts 2 RCE (CVE-2017-5638) (deprecated)

2017-04-12 00:00:00

openvas

Atlassian Bamboo Struts2 RCE Vulnerability

2017-03-15 00:00:00

VMware vRealize Operations Apache Struts2 RCE Vulnerability (VMSA-2017-0004)

2017-03-31 00:00:00

Cisco Unified Communications Manager Apache Struts2 Jakarta Multipart Parser File Upload Code Execution Vulnerability (cisco-sa-20170310-struts2)

2017-03-14 00:00:00

malwarebytes

Equifax breach: What you need to know [updated]

2017-09-08 07:02:47

myhack58

Apache Struts2 exposure arbitrary code execution vulnerability (S2-045,CVE-2017-5638)-vulnerability warning-the black bar safety net

2017-03-07 00:00:00

Apache Struts2 high-risk vulnerabilities cause the Enterprise Server is the invasion mounted KoiMiner mining Trojan-vulnerability warning-the black bar safety net

2018-07-10 00:00:00

About Apache Struts2（S2-045）vulnerability briefings-vulnerability warning-the black bar safety net

2017-03-07 00:00:00

hackerone

U.S. Dept Of Defense: Remote Code Execution (RCE) in a DoD website

2017-03-09 17:59:08

U.S. Dept Of Defense: Remote Code Execution (RCE) in a DoD website

2017-03-13 13:22:29

U.S. Dept Of Defense: Remote code execution vulnerability on a DoD website

2017-03-13 04:14:12

canvas

Immunity Canvas: STRUTS_OGNL

2017-03-11 02:59:00

qualysblog

How To Prioritize Vulnerabilities in a Modern IT Environment

2018-05-07 16:00:10

The Sky Is Falling! Responding Rationally to Headline Vulnerabilities

2018-04-19 23:00:03

Cryptomining is all the rage among hackers, as DDoS amplification attacks continue

2018-03-09 21:45:09

krebs

Equifax Hackers Stole 200k Credit Card Accounts in One Fell Swoop

2017-09-14 18:03:12

lenovo

Apache Struts Open Source Framework Remote Code Execution - us

2017-06-09 00:00:00

Apache Struts Open Source Framework Remote Code Execution - Lenovo Support US

2017-06-09 00:00:00

kitploit

struts-pwn - An exploit for Apache Struts CVE-2017-5638

2017-03-14 13:34:00

Struts2Shell - Interactive Shell Command to Exploit Apache Struts CVE-2017-5638

2017-03-17 14:22:00

strutszeiro - Telegram Bot to manage botnets created with struts vulnerability (CVE-2017-5638)

2017-03-14 17:30:00

saint

Apache Struts 2 Jakarta Multipart Parser file upload command execution

2017-03-16 00:00:00

Apache Struts 2 Jakarta Multipart Parser file upload command execution

2017-03-16 00:00:00

Apache Struts 2 Jakarta Multipart Parser file upload command execution

2017-03-16 00:00:00

osv

CVE-2017-5638

2017-03-11 02:59:00

Apache Struts vulnerable to remote arbitrary command execution due to improper input validation

2018-10-18 19:24:26

thn

UK Regulator Fines Equifax £500,000 Over 2017 Data Breach

2018-09-20 13:54:00

New Apache Struts Zero-Day Vulnerability Being Exploited in the Wild

2017-03-09 01:03:00

New NKAbuse Malware Exploits NKN Blockchain Tech for DDoS Attacks

2023-12-15 05:25:00

K43451236 : Apache Struts 2 vulnerability CVE-2017-5638

2017-03-09 00:00:00

atlassian

Apache Struts 2 Remote Code Execution (CVE-2017-5638)

2017-03-10 04:31:09

Apache Struts 2 Remote Code Execution (CVE-2017-5638)

2017-03-10 04:57:51

Apache Struts 2 Remote Code Execution (CVE-2017-5638)

2017-03-10 04:31:09

redhatcve

CVE-2017-5638

2017-03-08 11:53:37

checkpoint_advisories

Apache Struts2 Content-Type Remote Code Execution (CVE-2017-5638)

2017-03-07 00:00:00

Apache Struts 2 Content-Disposition Remote Code Execution (CVE-2017-5638)

2017-08-09 00:00:00

ubuntucve

CVE-2017-5638

2017-03-11 00:00:00

impervablog

Two New Trends Make Early Breach Detection and Prevention a Security Imperative

2022-08-31 13:47:34

Keeping Your WAF Relevant: Emergency Feed Pushes New Mitigations in Just Hours

2018-04-26 19:01:59

Clustering App Attacks with Machine Learning Part 3: Algorithm Results

2018-06-19 22:41:03

prion

Design/Logic Flaw

2017-03-11 02:59:00

rapid7community

Apache Struts Vulnerability (CVE-2017-5638) Exploit Traffic

2017-03-15 14:29:55

attackerkb

CVE-2017-5638

2017-03-11 00:00:00

CVE-2019-0230

2020-09-14 00:00:00

trendmicroblog

Sound, Fury, And Nothing One Year After Equifax

2018-09-07 12:00:34

Linux is secure…right?

2017-06-15 19:00:13

TippingPoint Threat Intelligence and Zero-Day Coverage – Week of September 11, 2017

2017-09-15 14:59:53

vmware

VMware product updates resolve remote code execution vulnerability via Apache Struts 2

2017-03-13 00:00:00

VMware product updates resolve remote code execution vulnerability via Apache Struts 2

2017-03-13 00:00:00

cisa_kev

Apache Struts Remote Code Execution Vulnerability

2021-11-03 00:00:00

securelist

Unveiling NKAbuse: a new multiplatform threat abusing the NKN protocol

2023-12-14 13:00:40

seebug

S2-046: Struts 2 Remote Code Execution vulnerability（CVE-2017-5638）

2017-03-21 00:00:00

S2-045: Struts 2 Remote Code Execution vulnerability（CVE-2017-5638）

2017-03-06 00:00:00

cisco

Apache Struts2 Jakarta Multipart Parser File Upload Code Execution Vulnerability Affecting Cisco Products

2017-03-10 19:30:00

zdt

Apache Struts 2 2.3.x / 2.5.x Remote Code Execution Exploit

2017-03-12 00:00:00

Apache Struts Jakarta Multipart Parser OGNL Injection Exploit

2017-03-15 00:00:00

veracode

Remote Code Execution (RCE) Through Jakarta Multipart Parser

2017-03-09 12:39:55

cert

Apache Struts 2 is vulnerable to remote code execution

2017-03-14 00:00:00

cloudfoundry

CVE-2017-5638: Apache Struts Remote Code Execution | Cloud Foundry

2017-03-14 00:00:00

nuclei

Apache Struts 2 - Remote Command Execution

2020-08-19 13:13:31

cvelist

CVE-2017-5638

2017-03-11 02:11:00

nvd

CVE-2017-5638

2017-03-11 02:59:00

cve

CVE-2017-5638

2017-03-11 02:59:00

huawei

Security Advisory - Apache Struts2 Remote Code Execution Vulnerability in Huawei Products

2017-03-16 00:00:00

github

Apache Struts vulnerable to remote arbitrary command execution due to improper input validation

2018-10-18 19:24:26

The GitHub Security Lab’s journey to disclosing 500 CVEs in open source projects

2023-09-21 20:56:46

Bypassing OGNL sandboxes for fun and charities

2023-01-27 16:00:49

pentestit

UPDATE: Infection Monkey 1.6.1

2018-12-03 22:28:53

JexBoss: Java Deserialization Verification & EXploitation Tool!

2017-08-11 06:52:45

talosblog

2017 in Snort Signatures.

2018-01-29 11:37:00

Another Apache Struts Vulnerability Under Active Exploitation

2017-09-07 15:42:00

Cryptocurrency miners aren’t dead yet: Documenting the voracious but simple “Panda”

2019-09-17 08:09:45

nmap

http-vuln-cve2017-5638 NSE Script

2017-03-10 17:53:45

ics

Top 10 Routinely Exploited Vulnerabilities

2020-05-12 12:00:00

oracle

Oracle Critical Patch Update Advisory - April 2017

2017-04-18 00:00:00

Oracle Critical Patch Update Advisory - July 2017

2018-03-20 00:00:00

Solutions

Vulnerabilities intelligence
Perimeter control tool
Linux scanner
Windows scanner
Developers SDK
Security Intelligence feeds

Database

Vulnerabilities
Exploits
Security News
BugBounty
Wild Exploited
Top Vulnerabilities
CVE Feed

Resources

Statics & Sources
Plugins
API docs
FAQ
Blog
Glossary

Company

About
Contacts
Pricing
EULA
Privacy Policy
Submission Policy
OpenSource

@2024 Vulners Inc

10 High

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:L/Au:N/C:C/I:C/A:C

10 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

CHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H

0.975 High

EPSS

Percentile

100.0%

JSON

Related for SELLIGENT_MESSAGE_STUDIO_RCE.NBIN