Apache Struts2 RCE CVE-2017-5638 Scanner

Details
Stay Up To Date
Asset Type

domain,ip,url

Need Membership

Yes

Asset Verify

Yes

API Support

Yes

Estimate Time (Second)

15

Apache Struts2 RCE CVE-2017-5638 Scanner Detail

There is a remote code execution vulnerability in Apache Struts2.

The Jakarta Multipart parser in Apache Struts 2 2.3.x before 2.3.32 and 2.5.x before 2.5.10.1 mishandles file upload, which allows remote attackers to execute arbitrary commands via a #cmd= string in a crafted Content-Type HTTP header, as exploited in the wild in March 2017.

Some Advice for Common Problems

You need to update your Apache Struts2 server to the latest version.

Need a Full Assesment?

Get help from professional hackers. Learn about our penetration test service now!

Request Pentest Service