...
Who should read this | All Struts 2 developers and users |
---|---|
Impact of vulnerability | Possible RCE when performing file upload based on Jakarta Multipart parser |
Maximum security rating | Critical |
Recommendation | Upgrade to Struts 2.3.32 or Struts 2.5.10.1 |
Affected Software | Struts 2.3.5 - Struts 2.3.31, Struts 2.5 - Struts 2.5.10 |
Reporter | Chris Frohoff cfrohoff at qualcomm dot com, Alvaro Munoz alvaro dot munoz at hpe dot com> |
CVE Identifier | CVE-2017-5638 |
...
It is possible to perform a RCE attack with a malicious Content-Disposition
value or with improper Content-Length
header. If the Content-Dispostion
value isn't / Content-Length
value is not valid an exception is thrown which is then used to display an error message to a user. This is a different vector for the same vulnerability described in S2-045 (CVE-2017-5638).
...