
CVE-2017-5638

Known Exploited (CISA KEV) | CRITICAL
CVSS Severity Score: 9.8
EPSS Score: 89.8030%
EPSS Percentile: 87.66th
Published: Mar 11, 2017
Last Modified: Apr 21, 2026

Vulnerability Description

The Jakarta Multipart parser in Apache Struts 2 2.3.x before 2.3.32 and 2.5.x before 2.5.10.1 has incorrect exception handling and error-message generation during file-upload attempts, which allows remote attackers to execute arbitrary commands via a crafted Content-Type, Content-Disposition, or Content-Length HTTP header, as exploited in the wild in March 2017 with a Content-Type header containing a #cmd= string.

Affected Platforms (CPE)

Vendor | Product | Affected Versions
Apache | Struts | >= 2.2.3 and < 2.3.32
Apache | Struts | >= 2.5.0 and < 2.5.10.1
Ibm | Storwize V3500 Firmware | = 7.7.1.6
Ibm | Storwize V3500 Firmware | = 7.8.1.0
Ibm | Storwize V5000 Firmware | = 7.7.1.6
Ibm | Storwize V5000 Firmware | = 7.8.1.0
Ibm | Storwize V7000 Firmware | = 7.7.1.6
Ibm | Storwize V7000 Firmware | = 7.8.1.0
Lenovo | Storage V5030 Firmware | = 7.7.1.6
Lenovo | Storage V5030 Firmware | = 7.8.1.0
Hp | Server Automation | = 9.1.0
Hp | Server Automation | = 10.0.0
Hp | Server Automation | = 10.1.0
Hp | Server Automation | = 10.2.0
Hp | Server Automation | = 10.5.0
Oracle | Weblogic Server | = 10.3.6.0.0
Oracle | Weblogic Server | = 12.1.3.0.0
Oracle | Weblogic Server | = 12.2.1.1.0
Oracle | Weblogic Server | = 12.2.1.2.0
Arubanetworks | Clearpass Policy Manager | < 6.6.5
Netapp | Oncommand Balance | All versions
