CVE-2017-5638: Apache Struts 2 Vulnerability

by Bella

Apache Struts 2 is an open-source development framework for Java applications.
On March 6th, 2017, a vulnerability in Apache Struts 2, tracked as CVE-2017-5638, was made public. This vulnerability could allow an attacker to perform remote code execution through a malicious Content-Type header.
The vulnerability can be exploited when an attacker sends a file upload request to a vulnerable server that uses a Jakarta-based plugin to process the upload.
The attacker places malicious code in the Content-Type header of that request, and the vulnerable server executes it as a command.
The Jakarta Multipart parser in Apache Struts 2 2.3.x before 2.3.32 and 2.5.x before 2.5.10.1 mishandles file uploads, which allows remote attackers to execute arbitrary commands via a #cmd= string, as exploited in the wild in March 2017.
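
Because the malicious input arrives in the Content-Type header, request logs that record that header can be triaged for it. The following is an added example, not part of the original post or of Apache Struts: it flags header values that contain the `#cmd=` string or that do not look like a plain media type. The tab-separated log format, the function names and the sample records are assumptions made for the illustration.

```python
import re

# Allowlist for a Content-Type value: type/subtype plus optional ;name=value
# parameters. It is deliberately narrower than the RFC 7230 token grammar
# (where "#" and "%" are legal characters), an assumption of this example.
NAME = r"[A-Za-z0-9][A-Za-z0-9.+_-]*"
VALUE = r'(?:[A-Za-z0-9.+_-]+|"[A-Za-z0-9.+_ -]*")'
MEDIA_TYPE = re.compile(rf"{NAME}/{NAME}(?:\s*;\s*{NAME}={VALUE})*\s*")
MARKER = "#cmd="  # string named in the CVE-2017-5638 description


def check_content_type(value):
    """Return the reasons a header value is suspicious (empty list = clean)."""
    if value.strip() in ("", "-"):  # header absent, e.g. a plain GET request
        return []
    reasons = []
    if MARKER in value.lower():
        reasons.append("contains #cmd=")
    if not MEDIA_TYPE.fullmatch(value.strip()):
        reasons.append("not a plain media type")
    return reasons


def scan(lines):
    """Yield (client, path, reasons) for every flagged record.

    Assumed log format (hypothetical): client<TAB>path<TAB>Content-Type value.
    """
    for line in lines:
        parts = line.rstrip("\n").split("\t", 2)
        if len(parts) != 3:
            continue  # malformed record: skipped here, review separately
        client, path, ctype = parts
        reasons = check_content_type(ctype)
        if reasons:
            yield client, path, reasons


# Constructed sample records; the flagged values are inert placeholders.
SAMPLE = [
    "192.0.2.10\t/upload.action\tmultipart/form-data; boundary=----WebKitFormBoundaryabc123",
    "192.0.2.11\t/api/items\tapplication/json; charset=utf-8",
    "198.51.100.7\t/upload.action\tmultipart/form-data; #cmd=PLACEHOLDER",
    "198.51.100.8\t/index.action\tPLACEHOLDER (not-a-media-type) #cmd=PLACEHOLDER",
]

if __name__ == "__main__":
    for client, path, reasons in scan(SAMPLE):
        print(client, path, "; ".join(reasons))
```

A hit means the request deserves a closer look; it does not show whether the server was running an affected Struts version when the request arrived.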

Solution
===========
Both Cisco and Apache researchers asked administrators to upgrade their systems to Apache Struts version 2.3.32 or 2.5.10.1.

©2022  SupportPRO.com. All Rights Reserved