CVE-2017-5638

UNKNOWN

Published 2017-03-11T02:11:00.000Z

Actions:

Expert Analysis

Professional remediation guidance

Get tailored security recommendations from our analyst team for CVE-2017-5638. We'll provide specific mitigation strategies based on your environment and risk profile.

CVSS Score

V3.1

9.8

/10

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Base Score Metrics

Exploitability: N/A Impact: N/A

EPSS Score

v2025.03.14

0.943

probability

of exploitation in the wild

There is a 94.3% chance that this vulnerability will be exploited in the wild within the next 30 days.

Updated: 2025-06-25

Exploit Probability

Percentile: 0.999

Higher than 99.9% of all CVEs

Attack Vector Metrics

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Impact Metrics

Confidentiality

HIGH

Integrity

HIGH

Availability

HIGH

Description

The Jakarta Multipart parser in Apache Struts 2 2.3.x before 2.3.32 and 2.5.x before 2.5.10.1 has incorrect exception handling and error-message generation during file-upload attempts, which allows remote attackers to execute arbitrary commands via a crafted Content-Type, Content-Disposition, or Content-Length HTTP header, as exploited in the wild in March 2017 with a Content-Type header containing a #cmd= string.

Available Exploits

Apache Struts 2 - Remote Command Execution

Apache Struts 2.3.x before 2.3.32 and 2.5.x before 2.5.10.1 is susceptible to remote command injection attacks. The Jakarta Multipart parser has incorrect exception handling and error-message generation during file upload attempts, which can allow an attacker to execute arbitrary commands via a crafted Content-Type, Content-Disposition, or Content-Length HTTP header. This was exploited in March 2017 with a Content-Type header containing a #cmd= string.

ID: CVE-2017-5638

Author: Random_Robbie Critical

References:

Related News

No news articles found for this CVE.

Affected Products

Apache Software Foundation

Apache Struts

Affected Versions:

2.3.x before 2.3.32 2.5.x before 2.5.10.1

Known Exploited Vulnerability

This vulnerability is actively being exploited in the wild

View KEV Details

Remediation Status

Overdue

Due Date

May 3, 2022

Added to KEV

November 3, 2021

Required Action

Apply updates per vendor instructions.

Affected Product

Vendor/Project: Apache

Product: Struts

Ransomware Risk

Known Ransomware Use

KEV Catalog Version: 2025.01.24 Released: January 24, 2025

GitHub Security Advisories

Community-driven vulnerability intelligence from GitHub

✓ GitHub Reviewed CRITICAL

Apache Struts vulnerable to remote arbitrary command execution due to improper input validation

GHSA-j77q-2qqg-6989

Advisory Details

Apache Struts versions prior to 2.3.32 and 2.5.10.1 contain incorrect exception handling and error-message generation during file-upload attempts using the Jakarta Multipart parser, which allows remote attackers to execute arbitrary commands via a crafted Content-Type, Content-Disposition, or Content-Length HTTP header, as exploited in the wild in March 2017 with a Content-Type header containing a #cmd= string.

Affected Packages

Maven org.apache.struts:struts2-core

ECOSYSTEM: ≥2.3.0 <2.3.32

Maven org.apache.struts:struts2-core

ECOSYSTEM: ≥2.5.0 <2.5.10.1

CVSS Scoring

CVSS Score

9.0

CVSS Vector


                                    CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H

References

ADVISORY https://nvd.nist.gov/vuln/detail/CVE-2017-5638

WEB https://github.com/rapid7/metasploit-framework/issues/8064

WEB https://github.com/apache/struts/commit/b06dd50af2a3319dd896bf5c2f4972d2b772cf2b

WEB https://github.com/apache/struts/commit/352306493971e7d5a756d61780d57a76eb1f519a

WEB https://arstechnica.com/security/2017/03/critical-vulnerability-under-massive-attack-imperils-high-impact-sites

WEB https://lists.apache.org/thread.html/r6d03e45b81eab03580cf7f8bb51cb3e9a1b10a2cc0c6a2d3cc92ed0c@%3Cannounce.apache.org%3E

WEB https://lists.apache.org/thread.html/r90890afea72a9571d666820b2fe5942a0a5f86be406fa31da3dd0922%40%3Cannounce.apache.org%3E

WEB https://lists.apache.org/thread.html/r90890afea72a9571d666820b2fe5942a0a5f86be406fa31da3dd0922@%3Cannounce.apache.org%3E

WEB https://nmap.org/nsedoc/scripts/http-vuln-cve2017-5638.html

WEB https://packetstormsecurity.com/files/141494/S2-45-poc.py.txt

WEB https://security.netapp.com/advisory/ntap-20170310-0001

WEB https://struts.apache.org/docs/s2-045.html

WEB https://struts.apache.org/docs/s2-046.html

WEB https://support.lenovo.com/us/en/product_security/len-14200

WEB https://twitter.com/theog150/status/841146956135124993

WEB https://web.archive.org/web/20170311203630/http://www.securityfocus.com/bid/96729

WEB https://web.archive.org/web/20170921030226/http://www.securitytracker.com/id/1037973

WEB https://www.exploit-db.com/exploits/41614

WEB https://www.imperva.com/blog/2017/03/cve-2017-5638-new-remote-code-execution-rce-vulnerability-in-apache-struts-2

WEB https://www.kb.cert.org/vuls/id/834067

WEB https://www.symantec.com/security-center/network-protection-security-advisories/SA145

WEB https://cwiki.apache.org/confluence/display/WW/S2-045

WEB https://cwiki.apache.org/confluence/display/WW/S2-046

WEB https://exploit-db.com/exploits/41570

WEB https://git1-us-west.apache.org/repos/asf?p=struts.git%3Ba=commit%3Bh=352306493971e7d5a756d61780d57a76eb1f519a

WEB https://git1-us-west.apache.org/repos/asf?p=struts.git%3Ba=commit%3Bh=6b8272ce47160036ed120a48345d9aa884477228

WEB https://git1-us-west.apache.org/repos/asf?p=struts.git;a=commit;h=352306493971e7d5a756d61780d57a76eb1f519a

WEB https://git1-us-west.apache.org/repos/asf?p=struts.git;a=commit;h=6b8272ce47160036ed120a48345d9aa884477228

ADVISORY https://github.com/advisories/GHSA-j77q-2qqg-6989

PACKAGE https://github.com/apache/struts

WEB https://github.com/mazen160/struts-pwn

WEB https://h20566.www2.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbgn03733en_us

WEB https://h20566.www2.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbgn03749en_us

WEB https://h20566.www2.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbhf03723en_us

WEB https://isc.sans.edu/diary/22169

WEB https://lists.apache.org/thread.html/r1125f3044a0946d1e7e6f125a6170b58d413ebd4a95157e4608041c7%40%3Cannounce.apache.org%3E

WEB https://lists.apache.org/thread.html/r1125f3044a0946d1e7e6f125a6170b58d413ebd4a95157e4608041c7@%3Cannounce.apache.org%3E

WEB https://lists.apache.org/thread.html/r6d03e45b81eab03580cf7f8bb51cb3e9a1b10a2cc0c6a2d3cc92ed0c%40%3Cannounce.apache.org%3E

WEB http://blog.talosintelligence.com/2017/03/apache-0-day-exploited.html

WEB http://blog.trendmicro.com/trendlabs-security-intelligence/cve-2017-5638-apache-struts-vulnerability-remote-code-execution

WEB http://www.arubanetworks.com/assets/alert/ARUBA-PSA-2017-002.txt

WEB http://www.eweek.com/security/apache-struts-vulnerability-under-attack.html

WEB http://www.oracle.com/technetwork/security-advisory/cpujul2017-3236622.html

WEB http://www.securityfocus.com/bid/96729

WEB http://www.securitytracker.com/id/1037973

Advisory provided by GitHub Security Advisory Database. Published: October 18, 2018, Modified: July 25, 2024

Social Media Intelligence

Real-time discussions and threat intelligence from social platforms

6 posts

Reddit • 5 days, 3 hours ago

profess-x

Exploit

Hackerin **🚨 Novos Labs de CVEs no Hackerin — Treine com Vulnerabilidades Reais como Equifax e Drupalgeddon 🚨** Fala, hackers 👾 Acabamos de lançar dois **labs focados em CVEs** na plataforma [**Hackerin**]() — feitos para te dar experiência prática com vulnerabilidades reais que marcaram a história da segurança da informação. …

Also mentions: CVE-2018-7600

3.0

View Original High Risk

Reddit • 5 days, 3 hours ago

profess-x

Exploit

Also mentions: CVE-2018-7600

0.0

View Original High Risk

Reddit • 3 weeks, 5 days ago

profess-x

PoC

Hackerin update Se você quer **aprender na prática como funcionaram algumas das vulnerabilidades mais famosas da história**, acabamos de lançar novos conteúdos na nossa plataforma (100% em português 🇧🇷). 👉 Módulos recém-lançados: * Heartbleed (**CVE-2014-0160**) * EternalBlue (**CVE-2017-0144**) * Dirty COW (**CVE-2016-5195**) * Drupalgeddon2 (**CVE-2018-7600**) * WordPress RevSlider (**CVE-2014-9735**) * …

Also mentions: CVE-2022-0847 CVE-2019-0708 CVE-2018-7600 CVE-2017-0144 CVE-2016-5195 CVE-2014-6271 CVE-2014-0160 CVE-2014-9735 CVE-2008-4250

0.0

View Original High Risk

Reddit • 3 weeks, 5 days ago

profess-x

PoC

Also mentions: CVE-2022-0847 CVE-2019-0708 CVE-2018-7600 CVE-2017-0144 CVE-2016-5195 CVE-2014-6271 CVE-2014-0160 CVE-2014-9735 CVE-2008-4250

0.0

View Original High Risk

Reddit • 3 weeks, 5 days ago

profess-x

PoC

Also mentions: CVE-2022-0847 CVE-2019-0708 CVE-2018-7600 CVE-2017-0144 CVE-2016-5195 CVE-2014-6271 CVE-2014-0160 CVE-2014-9735 CVE-2008-4250

6.0

View Original High Risk

Reddit • 3 weeks, 6 days ago

Immediate_Gold9789

Exploit PoC

CyberDudeBivash | Vulnerability Scanning & Risk Prioritization Cybersecurity, AI & Threat Intelligence Network www.cyberdudebivash.com # Introduction: Why Vulnerability Scanning Matters In today’s **AI-powered cyber threat landscape**, attackers continuously exploit vulnerabilities to gain footholds inside networks. Enterprises face thousands of new CVEs every year, but **not all vulnerabilities pose equal risk**. …

1.0

View Original High Risk