...
It is possible to perform a RCE attack with a malicious Content-Disposition
value or with improper Content-Length
header. If the Content-DispostionDisposition
/ Content-Length
value is not valid an exception is thrown which is then used to display an error message to a user. This is a different vector for the same vulnerability described in S2-045 (CVE-2017-5638).
...