CVE-2017-5638 (struts)

Posted on 2017년 3월 11일2017년 3월 14일 by admin

The Jakarta Multipart parser in Apache Struts 2 2.3.x before 2.3.32 and 2.5.x before 2.5.10.1 mishandles file upload, which allows remote attackers to execute arbitrary commands via a #cmd= string in a crafted Content-Type HTTP header, as exploited in the wild in March 2017.

Source: CVE-2017-5638 (struts)

답글 남기기 응답 취소