{"id":1883,"date":"2017-03-16T03:51:57","date_gmt":"2017-03-16T09:51:57","guid":{"rendered":"https:\/\/www.supportpro.com\/blog\/?p=1883"},"modified":"2026-03-26T04:11:18","modified_gmt":"2026-03-26T10:11:18","slug":"cve-2017-5638-apache-struts-2-vulnerability","status":"publish","type":"post","link":"https:\/\/www.supportpro.com\/blog\/cve-2017-5638-apache-struts-2-vulnerability\/","title":{"rendered":"CVE-2017-5638: Apache Struts 2 Vulnerability"},"content":{"rendered":"\n

Apache Struts 2<\/strong> is an open-source framework widely used for developing Java web applications.<\/p>\n\n\n\n

On March 6, 2017<\/strong>, a critical security vulnerability identified as CVE-2017-5638<\/strong> was publicly disclosed. This flaw allowed attackers to execute remote code on vulnerable servers by sending specially crafted malicious requests.<\/p>\n\n\n\n

The vulnerability occurs when a server processes file uploads using a Jakarta-based multipart parser<\/strong>. Attackers can exploit this weakness by embedding malicious commands within the Content-Type header<\/strong> of a file upload request. When processed by affected versions of Apache Struts 2, the server may execute these commands, leading to unauthorized access or complete system compromise.<\/p>\n\n\n\n

The issue specifically affects Apache Struts 2.3.x versions prior to 2.3.32<\/strong> and 2.5.x versions prior to 2.5.10.1<\/strong>, where improper handling of multipart file uploads enables remote attackers to run arbitrary commands using crafted input strings.<\/p>\n\n\n\n

Solution<\/h3>\n\n\n\n

Security researchers from both Cisco and Apache strongly recommend upgrading Apache Struts installations to version 2.3.32<\/strong> or 2.5.10.1 (or later)<\/strong> to eliminate the vulnerability and protect systems from exploitation.<\/p>\n\n\n\n

If you require help, contact SupportPRO Server Admin<\/a><\/p>\n\n\n\n

<\/a><\/span><\/span><\/p>\n\n\n\n

\n

Facing issues? <\/p>\n\n\n\n

Our technical support
engineers can solve it. <\/p>\n\n\n\n\"Contact<\/a><\/span>