...
| Excerpt |
|---|
Possible Remote Code Execution when performing file upload based on Jakarta pluginMultipart parser. |
Who should read this | All Struts 2 developers and users |
|---|---|
Impact of vulnerability | Possible RCE when performing file upload based on Jakarta Multipart parser |
Maximum security rating | High |
Recommendation | Upgrade to Struts 2.3.32 or Struts 2.5.10.1 |
Affected Software | Struts 2.3.5 - Struts 2.3.31, Struts 2.5 - Struts 2.5.10 |
Reporter | Nike Zheng <nike dot zheng at dbappsecurity dot com dot cn> |
CVE Identifier | CVE-2017-5638 |
...