Apache Struts Jakarta Multipart Parser Remote Code Execution Vulnerability
Apache Struts 2.3.5 - 2.3.31, Apache Struts 2.5 - 2.5.10.
A remote code execution vulnerability (CVE-2017-5638) in the Jakarta Multipart parser in certain versions of the Apache Struts framework can enable a remote attacker to run arbitrary commands on the web server. Since its initial disclosure, this vulnerability has received significant attention and is reportedly exploited in the wild. Apache Struts officials have confirmed the vulnerability (S2-045) and classified it as high risk. Upgrade to Struts 2.3.32 or Struts 2.5.10.1. A remote code execution vulnerability exists in the Jakarta Multipart parser due to improper handling of the Content-Type header.
The vulnerability is due to improper handling of the Content-Type header and of the Content-Length and Content-Disposition header values by the affected software when performing a file upload based on the Jakarta Multipart parser. Apache Struts 2 Jakarta Multipart Parser Code Execution. Description: This indicates an attack attempt to exploit a remote code execution vulnerability in Apache Struts. The vulnerability resides in the Apache Jakarta Multipart parser and is triggered when it tries to parse the Content-Type header of the HTTP request, allowing remote attackers to execute arbitrary code on the vulnerable server. Possible RCE when performing file upload based on Jakarta Multipart parser.
A vulnerability in the Jakarta Multipart parser of Apache Struts could allow an unauthenticated remote attacker to execute arbitrary code on an affected system. An advisory has been published regarding a critical 0-day remote code execution vulnerability in Apache Struts.