CVE-2017-5638 (struts)

The Jakarta Multipart parser in Apache Struts 2 2.3.x before 2.3.32 and 2.5.x before 2.5.10.1 mishandles file upload, which allows remote attackers to execute arbitrary commands via a #cmd= string in a crafted Content-Type HTTP header, as exploited in the wild in March 2017.
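A defensive triage sketch for the description above, added here as an example and not taken from the CVE record or the Struts project: it checks a dotted Struts version against the two affected ranges stated in the text and flags Content-Type headers that carry the `#cmd=` marker or do not parse as a well-formed media type. The function names, the well-formedness heuristic and the sample requests are assumptions made for illustration.

```python
import re

# Fixed releases per branch, from the advisory text above:
# 2.3.x before 2.3.32 and 2.5.x before 2.5.10.1 are affected.
FIXED = {(2, 3): (2, 3, 32), (2, 5): (2, 5, 10, 1)}

def is_affected(version):
    """True if a dotted Struts version falls in a range the advisory names."""
    v = tuple(int(p) for p in version.strip().split("."))
    fixed = FIXED.get(v[:2])
    if fixed is None:
        return False  # branch not covered by the advisory text
    width = max(len(v), len(fixed))
    pad = lambda t: t + (0,) * (width - len(t))
    return pad(v) < pad(fixed)

# Grammar of a well-formed media type: type/subtype plus ;name=value parameters.
TOKEN = r"[A-Za-z0-9!#$%&'*+.^_`|~-]+"
QUOTED = r'"[^"]*"'
MEDIA_TYPE = re.compile(
    rf"^{TOKEN}/{TOKEN}(?:\s*;\s*{TOKEN}=(?:{TOKEN}|{QUOTED}))*\s*$")

def content_type_finding(value):
    """Return a reason string if the header looks crafted, else None."""
    if "#cmd=" in value:
        return "contains #cmd= marker"
    if not MEDIA_TYPE.match(value):
        return "not a well-formed media type"
    return None

def scan(requests):
    """requests: iterable of (client, content_type); returns flagged entries."""
    return [(c, r) for c, ct in requests if (r := content_type_finding(ct))]

# Constructed sample data (not real traffic, not a working payload).
SAMPLE = [
    ("198.51.100.7", "multipart/form-data; boundary=----FormBoundaryA1b2"),
    ("203.0.113.9", "multipart/form-data #cmd=PLACEHOLDER"),
    ("203.0.113.9", "text/html; charset=utf-8"),
    ("192.0.2.44", "application/json (unexpected trailing text)"),
]

if __name__ == "__main__":
    for v in ("2.3.31", "2.3.32", "2.5.10", "2.5.10.1"):
        print(v, "affected" if is_affected(v) else "not in stated ranges")
    for client, reason in scan(SAMPLE):
        print(client, reason)
```

A flagged header is only a lead for review; the version check is what tells you whether the host still needs the upgrade to 2.3.32 or 2.5.10.1.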

Source: CVE-2017-5638 (struts)