Security for everyone

CVE-2017-5638 Scanner

Detects 'Remote Code Execution (RCE)' vulnerability in Jakarta Multipart parser in Apache Struts affects v. 2 2.3.x before 2.3.32 and 2.5.x before


Short Info




Single Scan

Can be used by

Asset Owner

Estimated Time

15 sec

Scan only one


Parent Category

CVE-2017-5638 Scanner Detail

Apache Struts 2 is a widely used open-source web application framework for developing Java EE web applications. One of the key components of this framework is the Jakarta Multipart parser, which is used to handle file upload requests. The Jakarta Multipart parser is responsible for parsing the uploaded files and extracting the content from them. The parser is also responsible for handling errors and generating error messages when there is an issue with the file upload.

One of the most significant vulnerabilities that was detected in the Jakarta Multipart parser is the CVE-2017-5638 vulnerability. This vulnerability allows remote attackers to execute arbitrary commands on the server by manipulating the HTTP headers in the file upload request. Specifically, attackers can use a crafted Content-Type, Content-Disposition, or Content-Length header with a #cmd= string to execute arbitrary commands on the server. This vulnerability was exploited in the wild in March 2017, and it affected Apache Struts versions 2.3.x and 2.5.x.

If this vulnerability is exploited, attackers can gain complete control over the targeted server. They can access sensitive data, execute arbitrary commands, and launch further attacks on other systems connected to the server. This vulnerability is particularly dangerous because it is relatively easy to exploit and can be targeted with a simple HTTP request.

Thanks to the pro features of the platform, those who read this article can easily and quickly learn about vulnerabilities in their digital assets. The platform provides comprehensive vulnerability scanning and reporting tools that can help individuals and organizations identify and remediate security weaknesses in their systems. Using, users can stay up-to-date on the latest security threats and vulnerabilities, and take proactive steps to protect their digital assets from potential attacks.



cyber security services for everyone one. Free security tools, continuous vulnerability scanning and many more.
Try it yourself,
control security posture