Child pages
  • S2-045

Versions Compared

Key

  • This line was added.
  • This line was removed.
  • Formatting was changed.

...

Excerpt

Possible Remote Code Execution when performing file upload based on Jakarta pluginMultipart parser.

Who should read this

All Struts 2 developers and users

Impact of vulnerability

Possible RCE when performing file upload based on Jakarta Multipart parser

Maximum security rating

High

Recommendation

Upgrade to Struts 2.3.32 or Struts 2.5.10.1

Affected Software

Struts 2.3.5 - Struts 2.3.31, Struts 2.5 - Struts 2.5.10

Reporter

Nike Zheng <nike dot zheng at dbappsecurity dot com dot cn>

CVE Identifier

CVE-2017-5638

...