Child pages
  • S2-046

Versions Compared

Key

  • This line was added.
  • This line was removed.
  • Formatting was changed.

...

Who should read this

All Struts 2 developers and users

Impact of vulnerability

Possible RCE when performing file upload based on Jakarta Multipart parser

Maximum security rating

Critical

Recommendation

Upgrade to Struts 2.3.32 or Struts 2.5.10.1

Affected Software

Struts 2.3.5 - Struts 2.3.31, Struts 2.5 - Struts 2.5.10

Reporter

Chris Frohoff cfrohoff <cfrohoff at qualcomm dot com>, Nike Zheng <nike dot zheng at dbappsecurity dot com dot cn>, Alvaro Munoz alvaro <alvaro dot munoz at hpe dot com>

CVE Identifier

CVE-2017-5638

...