This Confluence has been LDAP enabled, if you are an ASF Committer, please use your LDAP Credentials to login. Any problems file an INFRA jira ticket please.

Child pages
  • S2-045

Versions Compared

Key

  • This line was added.
  • This line was removed.
  • Formatting was changed.

...

Who should read this

All Struts 2 developers and users

Impact of vulnerability

Possible RCE when performing file upload based on Jakarta Multipart parser

Maximum security rating

HighCritical

Recommendation

Upgrade to Struts 2.3.32 or Struts 2.5.10.1

Affected Software

Struts 2.3.5 - Struts 2.3.31, Struts 2.5 - Struts 2.5.10

Reporter

Nike Zheng <nike dot zheng at dbappsecurity dot com dot cn>

CVE Identifier

CVE-2017-5638

...