1. Symantec/
  2. Security Response/
  3. Attack Signatures/
  4. Attack: Apache Struts CVE-2017-5638

Attack: Apache Struts CVE-2017-5638

Severity: High

This attack could pose a serious security threat. You should take immediate action to stop any damage or prevent further damage from happening.

Description

Successfully exploiting this issue may allow an attacker to execute arbitrary code in the context of the affected application.

Additional Information

Apache Struts is a framework for building Web applications.

Apache Struts is prone to a remote code-execution vulnerability. Specifically, this issue affects the Jakarta based file upload Multipart parser. An attacker can exploit this issue through a malicious Content-Type value.

Successfully exploiting this issue may allow an attacker to execute arbitrary code in the context of the affected application.

Affected

  • Versions prior to Apache Struts 2.3.32 and 2.5.10.1 are vulnerable.
  • Twitter
  • Facebook
  • LinkedIn
  • Google+
  • YouTube