CVE-2017-5638

critical

Description

The Jakarta Multipart parser in Apache Struts 2 2.3.x before 2.3.32 and 2.5.x before 2.5.10.1 has incorrect exception handling and error-message generation during file-upload attempts, which allows remote attackers to execute arbitrary commands via a crafted Content-Type, Content-Disposition, or Content-Length HTTP header, as exploited in the wild in March 2017 with a Content-Type header containing a #cmd= string.

References

http://blog.talosintelligence.com/2017/03/apache-0-day-exploited.html

http://blog.trendmicro.com/trendlabs-security-intelligence/cve-2017-5638-apache-struts-vulnerability-remote-code-execution/

http://www.arubanetworks.com/assets/alert/ARUBA-PSA-2017-002.txt

http://www.eweek.com/security/apache-struts-vulnerability-under-attack.html

http://www.oracle.com/technetwork/security-advisory/cpujul2017-3236622.html

http://www.securityfocus.com/bid/96729

http://www.securitytracker.com/id/1037973

https://arstechnica.com/security/2017/03/critical-vulnerability-under-massive-attack-imperils-high-impact-sites/

https://cwiki.apache.org/confluence/display/WW/S2-045

https://cwiki.apache.org/confluence/display/WW/S2-046

https://exploit-db.com/exploits/41570

https://git1-us-west.apache.org/repos/asf?p=struts.git;a=commit;h=352306493971e7d5a756d61780d57a76eb1f519a

https://git1-us-west.apache.org/repos/asf?p=struts.git;a=commit;h=6b8272ce47160036ed120a48345d9aa884477228

https://github.com/mazen160/struts-pwn

https://github.com/rapid7/metasploit-framework/issues/8064

https://h20566.www2.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbgn03733en_us

https://h20566.www2.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbgn03749en_us

https://h20566.www2.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbhf03723en_us

https://isc.sans.edu/diary/22169

https://lists.apache.org/thread.html/[email protected]%3Cannounce.apache.org%3E

https://nmap.org/nsedoc/scripts/http-vuln-cve2017-5638.html

https://packetstormsecurity.com/files/141494/S2-45-poc.py.txt

https://security.netapp.com/advisory/ntap-20170310-0001/

https://struts.apache.org/docs/s2-045.html

https://struts.apache.org/docs/s2-046.html

https://support.lenovo.com/us/en/product_security/len-14200

https://twitter.com/theog150/status/841146956135124993

https://www.exploit-db.com/exploits/41614/

https://www.imperva.com/blog/2017/03/cve-2017-5638-new-remote-code-execution-rce-vulnerability-in-apache-struts-2/

https://www.kb.cert.org/vuls/id/834067

https://www.symantec.com/security-center/network-protection-security-advisories/SA145

Details

Source: MITRE

Published: 2017-03-11

Updated: 2021-02-24

Type: CWE-20

Risk Information

CVSS v2

Base Score: 10

Vector: AV:N/AC:L/Au:N/C:C/I:C/A:C

Impact Score: 10

Exploitability Score: 10

Severity: HIGH

CVSS v3

Base Score: 10

Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H

Impact Score: 6

Exploitability Score: 3.9

Severity: CRITICAL

Vulnerable Software

Configuration 1

OR

cpe:2.3:a:apache:struts:2.3.5:*:*:*:*:*:*:*

cpe:2.3:a:apache:struts:2.3.6:*:*:*:*:*:*:*

cpe:2.3:a:apache:struts:2.3.7:*:*:*:*:*:*:*

cpe:2.3:a:apache:struts:2.3.8:*:*:*:*:*:*:*

cpe:2.3:a:apache:struts:2.3.9:*:*:*:*:*:*:*

cpe:2.3:a:apache:struts:2.3.10:*:*:*:*:*:*:*

cpe:2.3:a:apache:struts:2.3.11:*:*:*:*:*:*:*

cpe:2.3:a:apache:struts:2.3.12:*:*:*:*:*:*:*

cpe:2.3:a:apache:struts:2.3.13:*:*:*:*:*:*:*

cpe:2.3:a:apache:struts:2.3.14:*:*:*:*:*:*:*

cpe:2.3:a:apache:struts:2.3.14.1:*:*:*:*:*:*:*

cpe:2.3:a:apache:struts:2.3.14.2:*:*:*:*:*:*:*

cpe:2.3:a:apache:struts:2.3.14.3:*:*:*:*:*:*:*

cpe:2.3:a:apache:struts:2.3.15:*:*:*:*:*:*:*

cpe:2.3:a:apache:struts:2.3.15.1:*:*:*:*:*:*:*

cpe:2.3:a:apache:struts:2.3.15.2:*:*:*:*:*:*:*

cpe:2.3:a:apache:struts:2.3.15.3:*:*:*:*:*:*:*

cpe:2.3:a:apache:struts:2.3.16:*:*:*:*:*:*:*

cpe:2.3:a:apache:struts:2.3.16.1:*:*:*:*:*:*:*

cpe:2.3:a:apache:struts:2.3.16.2:*:*:*:*:*:*:*

cpe:2.3:a:apache:struts:2.3.16.3:*:*:*:*:*:*:*

cpe:2.3:a:apache:struts:2.3.17:*:*:*:*:*:*:*

cpe:2.3:a:apache:struts:2.3.19:*:*:*:*:*:*:*

cpe:2.3:a:apache:struts:2.3.20:*:*:*:*:*:*:*

cpe:2.3:a:apache:struts:2.3.20.1:*:*:*:*:*:*:*

cpe:2.3:a:apache:struts:2.3.20.2:*:*:*:*:*:*:*

cpe:2.3:a:apache:struts:2.3.20.3:*:*:*:*:*:*:*

cpe:2.3:a:apache:struts:2.3.21:*:*:*:*:*:*:*

cpe:2.3:a:apache:struts:2.3.22:*:*:*:*:*:*:*

cpe:2.3:a:apache:struts:2.3.23:*:*:*:*:*:*:*

cpe:2.3:a:apache:struts:2.3.24:*:*:*:*:*:*:*

cpe:2.3:a:apache:struts:2.3.24.1:*:*:*:*:*:*:*

cpe:2.3:a:apache:struts:2.3.24.2:*:*:*:*:*:*:*

cpe:2.3:a:apache:struts:2.3.24.3:*:*:*:*:*:*:*

cpe:2.3:a:apache:struts:2.3.25:*:*:*:*:*:*:*

cpe:2.3:a:apache:struts:2.3.26:*:*:*:*:*:*:*

cpe:2.3:a:apache:struts:2.3.27:*:*:*:*:*:*:*

cpe:2.3:a:apache:struts:2.3.28:*:*:*:*:*:*:*

cpe:2.3:a:apache:struts:2.3.28.1:*:*:*:*:*:*:*

cpe:2.3:a:apache:struts:2.3.29:*:*:*:*:*:*:*

cpe:2.3:a:apache:struts:2.3.30:*:*:*:*:*:*:*

cpe:2.3:a:apache:struts:2.3.31:*:*:*:*:*:*:*

Configuration 2

OR

cpe:2.3:a:apache:struts:2.5:*:*:*:*:*:*:*

cpe:2.3:a:apache:struts:2.5.1:*:*:*:*:*:*:*

cpe:2.3:a:apache:struts:2.5.2:*:*:*:*:*:*:*

cpe:2.3:a:apache:struts:2.5.3:*:*:*:*:*:*:*

cpe:2.3:a:apache:struts:2.5.4:*:*:*:*:*:*:*

cpe:2.3:a:apache:struts:2.5.5:*:*:*:*:*:*:*

cpe:2.3:a:apache:struts:2.5.6:*:*:*:*:*:*:*

cpe:2.3:a:apache:struts:2.5.7:*:*:*:*:*:*:*

cpe:2.3:a:apache:struts:2.5.8:*:*:*:*:*:*:*

cpe:2.3:a:apache:struts:2.5.9:*:*:*:*:*:*:*

cpe:2.3:a:apache:struts:2.5.10:*:*:*:*:*:*:*

Tenable Plugins

| ID | Name | Product | Family | Severity |
|---|---|---|---|---|
| 112726 | Apache Struts 2.3.5 < 2.3.32 / 2.5.x < 2.5.10.1 Remote Code Execution (S2-045 / S2-046) | Web Application Scanning | Component Vulnerability | critical |
| 141576 | Selligent Message Studio Struts Code Execution (CVE-2017-5638) | Nessus | CGI abuses | critical |
| 136998 | Oracle WebCenter Sites Multiple Vulnerabilities (April 2017 CPU) | Nessus | Windows | critical |
| 103663 | Oracle WebLogic Server Multiple Vulnerabilities | Nessus | Misc. | critical |
| 101815 | Oracle WebLogic Server Multiple Vulnerabilities (July 2017 CPU) | Nessus | Misc. | critical |
| 99593 | MySQL Enterprise Monitor 3.1.x < 3.1.7.8023 / 3.2.x < 3.2.7.1204 / 3.3.x < 3.3.3.1199 Multiple Vulnerabilities (April 2017 CPU) | Nessus | CGI abuses | critical |
| 99528 | Oracle WebLogic Server Multiple Vulnerabilities (April 2017 CPU) | Nessus | Misc. | critical |
| 700055 | Apache Struts 2 RCE (CVE-2017-5638) (deprecated) | Nessus Network Monitor | Web Servers | critical |
| 97610 | Apache Struts 2.3.5 - 2.3.31 / 2.5.x < 2.5.10.1 Jakarta Multipart Parser RCE (remote) | Nessus | CGI abuses | critical |
| 97576 | Apache Struts 2.3.5 - 2.3.31 / 2.5.x < 2.5.10.1 Jakarta Multipart Parser RCE (S2-045) (S2-046) | Nessus | Misc. | critical |