Apache Struts 2 Jakarta Multipart Parser file upload command execution
Added: 03/16/2017
CVE: CVE-2017-5638
BID: 96729
Background
Apache Struts is an open-source web application framework for developing Java EE web applications. It uses and extends the Java Servlet API to encourage developers to adopt a model-view-controller (MVC) architecture.
Problem
The Jakarta Multipart parser in Apache Struts 2 2.3.x before 2.3.32 and 2.5.x before 2.5.10.1 improperly handles file upload. Remote attackers can execute arbitrary commands via a "#cmd=" string in a specially crafted Content-Type HTTP header.
Resolution
Upgrade Struts 2.3.x series to Struts 2.3.32 or later, and Struts 2.5.x series to Struts 2.5.10.1 or later.
References
https://cwiki.apache.org/confluence/display/WW/S2-045
https://www.exploit-db.com/exploits/41570/
Limitations
Exploit works on vulnerable versions of Apache Struts 2.3.5 through 2.3.31 and 2.5 through 2.5.10.
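
Log triage for the Content-Type header described under Problem, as an added example that is not part of the original advisory or of Apache Struts: it flags header values that carry the "#cmd=" string or that do not parse as an HTTP media type. It assumes the Content-Type values have already been extracted from proxy or access logs as (client address, value) pairs; the function names and the sample records are constructed for illustration.

```python
import re

# RFC 7230 "token" characters. '#' is a legal token character, so grammar
# validation alone does not rule out the "#cmd=" marker; check it separately.
TOKEN = r"[!#$%&'*+\-.^_`|~0-9A-Za-z]+"
QUOTED = r'"(?:[^"\\\x00-\x1f\x7f]|\\[\x20-\x7e])*"'
MEDIA_TYPE = re.compile(
    rf"{TOKEN}/{TOKEN}(?:[ \t]*;[ \t]*{TOKEN}=(?:{TOKEN}|{QUOTED}))*[ \t]*"
)
CMD_MARKER = "#cmd="  # the string named in the advisory


def classify_content_type(value: str) -> str:
    """Return 'cmd-marker', 'malformed' or 'ok' for one header value."""
    if CMD_MARKER in value.lower():
        return "cmd-marker"
    if not MEDIA_TYPE.fullmatch(value):
        return "malformed"
    return "ok"


def triage(records):
    """Yield (source, verdict, value) for every record that is not 'ok'."""
    for source, value in records:
        verdict = classify_content_type(value)
        if verdict != "ok":
            # Truncate the value so a long header cannot flood the report.
            yield source, verdict, value[:80]


# Constructed sample input: (client address, Content-Type value) pairs.
SAMPLE = [
    ("198.51.100.7", "multipart/form-data; boundary=----FormBoundary7MA4YWxk"),
    ("198.51.100.7", 'text/plain; charset="utf-8"'),
    ("203.0.113.9", "multipart/form-data #cmd=PLACEHOLDER"),
    ("203.0.113.9", 'text/plain; note="#cmd=PLACEHOLDER"'),
    ("203.0.113.10", "{not a media type}"),
]

if __name__ == "__main__":
    for source, verdict, value in triage(SAMPLE):
        print(f"{source}\t{verdict}\t{value}")
```

A hit is a lead for investigation on hosts still running an affected version; the upgrade under Resolution remains the fix.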