CVE-2017-5638 Scanner

Apache Struts 2 is a widely used open-source web application framework for developing Java EE web applications. One of the key components of this framework is the Jakarta Multipart parser, which is used to handle file upload requests. The Jakarta Multipart parser is responsible for parsing the uploaded files and extracting the content from them. The parser is also responsible for handling errors and generating error messages when there is an issue with the file upload.

One of the most significant vulnerabilities that was detected in the Jakarta Multipart parser is the CVE-2017-5638 vulnerability. This vulnerability allows remote attackers to execute arbitrary commands on the server by manipulating the HTTP headers in the file upload request. Specifically, attackers can use a crafted Content-Type, Content-Disposition, or Content-Length header with a #cmd= string to execute arbitrary commands on the server. This vulnerability was exploited in the wild in March 2017, and it affected Apache Struts versions 2.3.x and 2.5.x.

If this vulnerability is exploited, attackers can gain complete control over the targeted server. They can access sensitive data, execute arbitrary commands, and launch further attacks on other systems connected to the server. This vulnerability is particularly dangerous because it is relatively easy to exploit and can be targeted with a simple HTTP request.

Thanks to the pro features of the securityforeveryone.com platform, those who read this article can easily and quickly learn about vulnerabilities in their digital assets. The platform provides comprehensive vulnerability scanning and reporting tools that can help individuals and organizations identify and remediate security weaknesses in their systems. Using securityforeveryone.com, users can stay up-to-date on the latest security threats and vulnerabilities, and take proactive steps to protect their digital assets from potential attacks.

REFERENCES

• http://blog.talosintelligence.com/2017/03/apache-0-day-exploited.html
• http://blog.trendmicro.com/trendlabs-security-intelligence/cve-2017-5638-apache-struts-vulnerability-remote-code-execution/
• http://www.arubanetworks.com/assets/alert/ARUBA-PSA-2017-002.txt
• http://www.eweek.com/security/apache-struts-vulnerability-under-attack.html
• http://www.oracle.com/technetwork/security-advisory/cpujul2017-3236622.html
• http://www.securityfocus.com/bid/96729
• http://www.securitytracker.com/id/1037973
• https://arstechnica.com/security/2017/03/critical-vulnerability-under-massive-attack-imperils-high-impact-sites/
• https://cwiki.apache.org/confluence/display/WW/S2-045
• https://cwiki.apache.org/confluence/display/WW/S2-046
• https://exploit-db.com/exploits/41570
• https://git1-us-west.apache.org/repos/asf?p=struts.git;a=commit;h=352306493971e7d5a756d61780d57a76eb1f519a
• https://git1-us-west.apache.org/repos/asf?p=struts.git;a=commit;h=6b8272ce47160036ed120a48345d9aa884477228
• https://github.com/mazen160/struts-pwn
• https://github.com/rapid7/metasploit-framework/issues/8064
• https://h20566.www2.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbgn03733en_us
• https://h20566.www2.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbgn03749en_us
• https://h20566.www2.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbhf03723en_us
• https://isc.sans.edu/diary/22169
• https://lists.apache.org/thread.html/r1125f3044a0946d1e7e6f125a6170b58d413ebd4a95157e4608041c7@%3Cannounce.apache.org%3E
• https://lists.apache.org/thread.html/r6d03e45b81eab03580cf7f8bb51cb3e9a1b10a2cc0c6a2d3cc92ed0c@%3Cannounce.apache.org%3E
• https://lists.apache.org/thread.html/r90890afea72a9571d666820b2fe5942a0a5f86be406fa31da3dd0922@%3Cannounce.apache.org%3E
• https://nmap.org/nsedoc/scripts/http-vuln-cve2017-5638.html
• https://packetstormsecurity.com/files/141494/S2-45-poc.py.txt
• https://security.netapp.com/advisory/ntap-20170310-0001/
• https://struts.apache.org/docs/s2-045.html
• https://struts.apache.org/docs/s2-046.html
• https://support.lenovo.com/us/en/product_security/len-14200
• https://twitter.com/theog150/status/841146956135124993
• https://www.exploit-db.com/exploits/41614/
• https://www.imperva.com/blog/2017/03/cve-2017-5638-new-remote-code-execution-rce-vulnerability-in-apache-struts-2/
• https://www.kb.cert.org/vuls/id/834067
• https://www.symantec.com/security-center/network-protection-security-advisories/SA145