Apache Struts2 RCE CVE-2017-5638 Scanner

Apache Struts2 RCE CVE-2017-5638 Scanner Detail

There is a remote code execution vulnerability in Apache Struts2.

The Jakarta Multipart parser in Apache Struts 2 2.3.x before 2.3.32 and 2.5.x before mishandles file upload, which allows remote attackers to execute arbitrary commands via a #cmd= string in a crafted Content-Type HTTP header, as exploited in the wild in March 2017.

Some Advice for Common Problems

You need to update your Apache Struts2 server to the latest version.
