CVE-2017-5638

Confirmed PUBLISHED

The Jakarta Multipart parser in Apache Struts 2 2.3.x before 2.3.32 and 2.5.x before 2.5.10.1 has incorrect exception handling and error-message...

Apache Software Foundation · Apache Struts
Exploited in the wild Used in malware PoC available

Recommended Action

Prioritize remediation. Validate affected assets and apply vendor fixes on an accelerated timeline.

Confidence
Confirmed
Exploitation Status
Exploited in the wild
Observed in Sensors
No
Attempts (30d)
Unique Attacker IPs
CISA KEV
In CISA KEV
CVSS / EPSS
9.8 Critical EPSS 100.0%

At a Glance

The Jakarta Multipart parser in Apache Struts 2 2.3.x before 2.3.32 and 2.5.x before 2.5.10.1 has incorrect exception handling and error-message generation during file-upload attempts, which allows remote attackers to execute arbitrary commands via a crafted Content-Type, Content-Disposition, or Content-Length HTTP header, as exploited in the wild in March 2017 with a Content-Type header containing a #cmd= string.

nuclei_scanner apache cisa malware metasploit ransomware
CVE Published
Mar 11, 2017
Exploitation Reported
Nov 03, 2021
CVSS
9.8 Critical
EPSS
100.0%
Remote Low complexity No user interaction Unauthenticated

Affected Versions

Vendor Product Version Status
Apache Software Foundation
Apache Struts

2.3.x before 2.3.32

Affected
Apache Software Foundation
Apache Struts

2.5.x before 2.5.10.1

Affected

CVE References

  • VU#834067 kb.cert.org · Third-Party Advisory https://www.kb.cert.org/vuls/id/834067
  • 41570 exploit-db.com · Exploit https://exploit-db.com/exploits/41570
  • 41614 exploit-db.com · Exploit https://www.exploit-db.com/exploits/41614/
  • 1037973 securitytracker.com · VDB Entry http://www.securitytracker.com/id/1037973
  • 96729 securityfocus.com · VDB Entry http://www.securityfocus.com/bid/96729
Show 28 more references

Recommended Actions

  • Prioritize remediation. Validate affected assets and apply vendor fixes on an accelerated timeline.
  • Check enrichment artifacts for scanner coverage and available PoCs before rolling remediation validation.
  • Use the Pro API to automate enrichment, telemetry, and workflow delivery for VM, SOC, and CTI pipelines.