| VID |
27105 |
| Severity |
40 |
| Port |
139,445 |
| Protocol |
TCP |
| Class |
SMB |
| Detailed Description |
The Jakarta Multipart parser in Apache Struts 2 2.3.x before 2.3.32 and 2.5.x before 2.5.10.1 has incorrect exception handling and error-message generation during file-upload attempts, which allows remote attackers to execute arbitrary commands via a crafted Content-Type, Content-Disposition, or Content-Length HTTP header, as exploited in the wild in March 2017 with a Content-Type header containing a #cmd= string.
* Note: This check requires an account with administrative privileges which can log into the host to scan. Absence of this condition will result in the check not being performed and a False Negative for all vulnerable hosts.
* References:
https://struts.apache.org/docs/s2-045.html
https://struts.apache.org/docs/s2-046.html
* Platforms Affected:
Apache Struts 2.5.x prior to 2.5.10.1
Any operating system Any version |
| Recommendation |
Upgrade to the latest version of Apache Struts (2.5.10.1 or later), available from the Apache Struts Web page at
https://struts.apache.org/download.cgi |
| Related URL |
CVE-2017-5638 (CVE) |
| Related URL |
(SecurityFocus) |
| Related URL |
(ISS) |
|
