CVE-2017-5638 Scanner
Detects the 'Remote Code Execution (RCE)' vulnerability in the Jakarta Multipart parser in Apache Struts 2, which affects versions 2.3.x before 2.3.32 and 2.5.x before 2.5.10.1.
Short Info
Level: Critical
Single Scan
Can be used by: Asset Owner
Estimated Time: 15 seconds
Time Interval: 4 weeks
Scan only one: URL
Apache Struts 2 is a widely used open-source web application framework for developing Java EE web applications. One of the key components of this framework is the Jakarta Multipart parser, which is used to handle file upload requests. The Jakarta Multipart parser is responsible for parsing the uploaded files and extracting the content from them. The parser is also responsible for handling errors and generating error messages when there is an issue with the file upload.
One of the most significant vulnerabilities detected in the Jakarta Multipart parser is CVE-2017-5638. It allows remote attackers to execute arbitrary commands on the server by manipulating the HTTP headers of a file upload request. Specifically, attackers can use a crafted Content-Type, Content-Disposition, or Content-Length header containing a #cmd= string to execute arbitrary commands on the server. The vulnerability was exploited in the wild in March 2017, and it affected Apache Struts versions 2.3.x and 2.5.x.
If this vulnerability is exploited, attackers can gain complete control over the targeted server. They can access sensitive data, execute arbitrary commands, and launch further attacks on other systems connected to the server. This vulnerability is particularly dangerous because it is relatively easy to exploit and can be targeted with a simple HTTP request.
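The affected version ranges and the header pattern described above can be turned into a quick triage check over an inventory and captured request headers. This is an added example, not code from the scanner or from the Struts project; the function names, the non-numeric Content-Length check and the sample requests are assumptions constructed for illustration.

```python
import re

# Headers the description above names as carriers of the crafted value.
WATCHED = ("content-type", "content-disposition", "content-length")
MARKER = "#cmd="  # string named in the vulnerability description


def parse_version(version):
    """'2.5.10.1' -> (2, 5, 10, 1); raises ValueError on non-numeric parts."""
    return tuple(int(part) for part in version.strip().split("."))


def is_affected(version):
    """True for 2.3.x before 2.3.32 and 2.5.x before 2.5.10.1."""
    v = parse_version(version)
    if v[:2] == (2, 3):
        return v < (2, 3, 32)
    if v[:2] == (2, 5):
        return v < (2, 5, 10, 1)
    return False


def flag_request(headers):
    """Return (header, reason) findings for one request's headers."""
    findings = []
    for name, value in headers.items():
        key = name.lower()
        if key not in WATCHED:
            continue
        if MARKER in value.lower():
            findings.append((key, "contains #cmd="))
        elif key == "content-length" and not re.fullmatch(r"[0-9]+", value.strip()):
            # Assumption: a legitimate Content-Length is a plain decimal number.
            findings.append((key, "non-numeric length"))
    return findings


def scan(requests):
    """Map request id -> findings, keeping only requests that were flagged."""
    hits = {r["id"]: flag_request(r["headers"]) for r in requests}
    return {rid: found for rid, found in hits.items() if found}


# Constructed sample records; the flagged value is an inert placeholder.
SAMPLE_REQUESTS = [
    {"id": "r1", "headers": {"Content-Type": "multipart/form-data; boundary=abc", "Content-Length": "512"}},
    {"id": "r2", "headers": {"Content-Type": "PLACEHOLDER-EXPRESSION (#cmd='PLACEHOLDER')", "Content-Length": "0"}},
    {"id": "r3", "headers": {"User-Agent": "example", "Content-Length": "12abc"}},
]
```

A hit from `flag_request` against a host where `is_affected` is true should be treated as a probable exploitation attempt and investigated, not only blocked.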
Thanks to the pro features of the s4e.io platform, those who read this article can easily and quickly learn about vulnerabilities in their digital assets. The platform provides comprehensive vulnerability scanning and reporting tools that can help individuals and organizations identify and remediate security weaknesses in their systems. Using s4e.io, users can stay up-to-date on the latest security threats and vulnerabilities, and take proactive steps to protect their digital assets from potential attacks.