CVE-2017-5638

Published: Mar 11, 2017Modified: Apr 21, 2026CISA KEV

9.8

Vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Exploitability: 3.9 / Impact: 5.9

Source: NVD

Description

The Jakarta Multipart parser in Apache Struts 2 2.3.x before 2.3.32 and 2.5.x before 2.5.10.1 has incorrect exception handling and error-message generation during file-upload attempts, which allows remote attackers to execute arbitrary commands via a crafted Content-Type, Content-Disposition, or Content-Length HTTP header, as exploited in the wild in March 2017 with a Content-Type header containing a #cmd= string.

Affected (21)

Products: Apache: Struts · Ibm: Storwize V3500 Firmware, Storwize V5000 Firmware, Storwize V7000 Firmware · Lenovo: Storage V5030 Firmware · +4 more

Show all products

Apache: Struts · Ibm: Storwize V3500 Firmware, Storwize V5000 Firmware, Storwize V7000 Firmware · Lenovo: Storage V5030 Firmware · Hp: Server Automation · Oracle: Weblogic Server · Arubanetworks: Clearpass Policy Manager · Netapp: Oncommand Balance

Apache

1 product

Struts

Ibm

3 products

Storwize V3500 Firmware

Storwize V5000 Firmware

Storwize V7000 Firmware

Lenovo

1 product

Storage V5030 Firmware

1 product

1 product

1 product

Clearpass Policy Manager

Netapp

1 product

Oncommand Balance

Configuration A

2 vulnerable

Vulnerable Software	Affected Versions
Apache Struts	From 2.2.3 to 2.3.32
Apache Struts	From 2.5.0 to 2.5.10.1

Configuration B

2 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Ibm Storwize V3500 Firmware	Version 7.7.1.6
Ibm Storwize V3500 Firmware	Version 7.8.1.0

Running on/with	Platform Versions
Ibm Storwize V3500	All versions

Configuration C

2 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Ibm Storwize V5000 Firmware	Version 7.7.1.6
Ibm Storwize V5000 Firmware	Version 7.8.1.0

Running on/with	Platform Versions
Ibm Storwize V5000	All versions

Configuration D

2 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Ibm Storwize V7000 Firmware	Version 7.7.1.6
Ibm Storwize V7000 Firmware	Version 7.8.1.0

Running on/with	Platform Versions
Ibm Storwize V7000	All versions

Configuration E

2 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Lenovo Storage V5030 Firmware	Version 7.7.1.6
Lenovo Storage V5030 Firmware	Version 7.8.1.0

Running on/with	Platform Versions
Lenovo Storage V5030	All versions

Configuration F

5 vulnerable

Vulnerable Software	Affected Versions
Hp Server Automation	Version 10.0.0
Hp Server Automation	Version 10.1.0
Hp Server Automation	Version 10.2.0
Hp Server Automation	Version 10.5.0
Hp Server Automation	Version 9.1.0

Configuration G

4 vulnerable

Vulnerable Software	Affected Versions
Oracle Weblogic Server	Version 10.3.6.0.0
Oracle Weblogic Server	Version 12.1.3.0.0
Oracle Weblogic Server	Version 12.2.1.1.0
Oracle Weblogic Server	Version 12.2.1.2.0

Configuration H

1 vulnerable

Vulnerable Software	Affected Versions
Arubanetworks Clearpass Policy Manager	Before 6.6.5

Configuration I

1 vulnerable

Vulnerable Software	Affected Versions
Netapp Oncommand Balance	All versions

Related CWEs

CWE-755

Improper Handling of Exceptional Conditions

The product does not handle or incorrectly handles an exceptional condition.

References (67)

http://blog.talosintelligence.com/2017/03/apache-0-day-exploited.html

Source: security@apache.org

ExploitThird Party Advisory

http://blog.trendmicro.com/trendlabs-security-intelligence/cve-2017-5638-apache-struts-vulnerability-remote-code-execution/

Source: security@apache.org

ExploitThird Party Advisory

http://www.arubanetworks.com/assets/alert/ARUBA-PSA-2017-002.txt

Source: security@apache.org

Third Party Advisory

http://www.eweek.com/security/apache-struts-vulnerability-under-attack.html

Source: security@apache.org

Press/Media CoverageThird Party Advisory

http://www.oracle.com/technetwork/security-advisory/cpujul2017-3236622.html

Source: security@apache.org

PatchThird Party Advisory

http://www.securityfocus.com/bid/96729

Source: security@apache.org

Broken LinkThird Party AdvisoryVDB Entry

http://www.securitytracker.com/id/1037973

Source: security@apache.org

Broken LinkThird Party AdvisoryVDB Entry

https://arstechnica.com/security/2017/03/critical-vulnerability-under-massive-attack-imperils-high-impact-sites/

Source: security@apache.org

ExploitPress/Media Coverage

https://cwiki.apache.org/confluence/display/WW/S2-045

Source: security@apache.org

MitigationVendor Advisory

https://cwiki.apache.org/confluence/display/WW/S2-046

Source: security@apache.org

MitigationVendor Advisory

https://exploit-db.com/exploits/41570

Source: security@apache.org

ExploitThird Party AdvisoryVDB Entry

https://git1-us-west.apache.org/repos/asf?p=struts.git%3Ba=commit%3Bh=352306493971e7d5a756d61780d57a76eb1f519a

Source: security@apache.org

Broken Link

https://git1-us-west.apache.org/repos/asf?p=struts.git%3Ba=commit%3Bh=6b8272ce47160036ed120a48345d9aa884477228

Source: security@apache.org

Broken Link

https://github.com/mazen160/struts-pwn

Source: security@apache.org

Exploit

https://github.com/rapid7/metasploit-framework/issues/8064

Source: security@apache.org

ExploitIssue Tracking

https://h20566.www2.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbgn03733en_us

Source: security@apache.org

Broken Link

https://h20566.www2.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbgn03749en_us

Source: security@apache.org

Third Party Advisory

https://h20566.www2.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbhf03723en_us

Source: security@apache.org

Third Party Advisory

https://isc.sans.edu/diary/22169

Source: security@apache.org

ExploitThird Party Advisory

https://lists.apache.org/thread.html/r1125f3044a0946d1e7e6f125a6170b58d413ebd4a95157e4608041c7%40%3Cannounce.apache.org%3E

Source: security@apache.org

Mailing List

https://lists.apache.org/thread.html/r6d03e45b81eab03580cf7f8bb51cb3e9a1b10a2cc0c6a2d3cc92ed0c%40%3Cannounce.apache.org%3E

Source: security@apache.org

Mailing List

https://lists.apache.org/thread.html/r90890afea72a9571d666820b2fe5942a0a5f86be406fa31da3dd0922%40%3Cannounce.apache.org%3E

Source: security@apache.org

Mailing List

https://nmap.org/nsedoc/scripts/http-vuln-cve2017-5638.html

Source: security@apache.org

ExploitThird Party Advisory

https://packetstormsecurity.com/files/141494/S2-45-poc.py.txt

Source: security@apache.org

ExploitThird Party AdvisoryVDB EntryBroken Link

https://security.netapp.com/advisory/ntap-20170310-0001/

Source: security@apache.org

Third Party Advisory

https://struts.apache.org/docs/s2-045.html

Source: security@apache.org

MitigationVendor Advisory

https://struts.apache.org/docs/s2-046.html

Source: security@apache.org

MitigationVendor Advisory

https://support.lenovo.com/us/en/product_security/len-14200

Source: security@apache.org

Third Party Advisory

https://twitter.com/theog150/status/841146956135124993

Source: security@apache.org

Broken LinkThird Party Advisory

https://www.exploit-db.com/exploits/41614/

Source: security@apache.org

ExploitThird Party AdvisoryVDB Entry

https://www.imperva.com/blog/2017/03/cve-2017-5638-new-remote-code-execution-rce-vulnerability-in-apache-struts-2/

Source: security@apache.org

Third Party Advisory

https://www.kb.cert.org/vuls/id/834067

Source: security@apache.org

Third Party AdvisoryUS Government Resource

https://www.symantec.com/security-center/network-protection-security-advisories/SA145

Source: security@apache.org

Broken Link

http://blog.talosintelligence.com/2017/03/apache-0-day-exploited.html