CVE-2017-5638

critical-risk

Published 2017-03-11

The Jakarta Multipart parser in Apache Struts 2 2.3.x before 2.3.32 and 2.5.x before 2.5.10.1 has incorrect exception handling and error-message generation during file-upload attempts, which allows remote attackers to execute arbitrary commands via a crafted Content-Type, Content-Disposition, or Content-Length HTTP header, as exploited in the wild in March 2017 with a Content-Type header containing a #cmd= string.

Do I need to act?

94.3% chance of exploitation in next 30 days

EPSS score — higher than 6% of all CVEs

CISA KEV: actively exploited in the wild

On the Known Exploited Vulnerabilities catalog — federal agencies must patch

2 public exploits available

41570, 41614

Patch status unknown

Check vendor advisories for fix availability and mitigation guidance

CVSS 9.8/10 Critical

NETWORK / LOW complexity

Affected Products (20)

Struts

Storwize V3500 Firmware

Storwize V5000 Firmware

Storwize V7000 Firmware

Storage V5030 Firmware

Server Automation

Weblogic Server

Clearpass Policy Manager

Oncommand Balance

Storwize V5000 Firmware

Storage V5030 Firmware

Server Automation

Weblogic Server

Affected Vendors

Oracle Hp Arubanetworks Ibm Apache Lenovo Netapp

References (67)

Exploit http://blog.talosintelligence.com/2017/03/apache-0-day-exploited.html

Exploit http://blog.trendmicro.com/trendlabs-security-intelligence/cve-2017-5638-apache-...

Third Party Advisory http://www.arubanetworks.com/assets/alert/ARUBA-PSA-2017-002.txt

Press/Media Coverage http://www.eweek.com/security/apache-struts-vulnerability-under-attack.html

Patch http://www.oracle.com/technetwork/security-advisory/cpujul2017-3236622.html

Broken Link http://www.securityfocus.com/bid/96729

Broken Link http://www.securitytracker.com/id/1037973

Exploit https://arstechnica.com/security/2017/03/critical-vulnerability-under-massive-at...

Mitigation https://cwiki.apache.org/confluence/display/WW/S2-045

Mitigation https://cwiki.apache.org/confluence/display/WW/S2-046

Exploit https://exploit-db.com/exploits/41570

Broken Link https://git1-us-west.apache.org/repos/asf?p=struts.git%3Ba=commit%3Bh=3523064939...

Broken Link https://git1-us-west.apache.org/repos/asf?p=struts.git%3Ba=commit%3Bh=6b8272ce47...

Exploit https://github.com/mazen160/struts-pwn

Exploit https://github.com/rapid7/metasploit-framework/issues/8064

Broken Link https://h20566.www2.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na...

Third Party Advisory https://h20566.www2.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na...

Exploit https://isc.sans.edu/diary/22169

Mailing List https://lists.apache.org/thread.html/r1125f3044a0946d1e7e6f125a6170b58d413ebd4a9...

and 47 more references

/ 100

critical-risk

Severity 32/34 · Critical

Exploitability 34/34 · Critical

Exposure 20/34 · Moderate