Apache Struts Jakarta Multipart Parser Remote Code Execution Vulnerability

PUBLISHED:
10 March 2017

Apache Struts Jakarta Multipart Parser Remote Code Execution Vulnerability

Apache issued an emergency security alert as, Apache Struts was exposed to a high-risk remote command execution vulnerability, tracked as CVE-2017-5638. Public exploits are readily available. Struts is an open source project of the Apache Foundation Jakarta project team, which uses MVC mode to help Java developers use J2EE to develop Web applications. At present, Struts is widely used in large-scale Internet companies, government, financial institutions and other sites, and as the development of the underlying template to use.

Affected Versions

  • Apache Struts 2.3.5 – 2.3.31
  • Apache Struts 2.5 – 2.5.10

Recommended Course of Action

Upgrade to Struts 2.3.32 or Struts 2.5.10.1

More Information

Critical Linux Kernel Vulnerability Allows Unprivileged Local Users to Gain Root Privileges (CVE-2026-31431)

READ MORE READ MORE

Critical Microsoft SharePoint Flaw Exploitations in the Wild

READ MORE READ MORE
15 January 2025 [NO.TCSA : 20250115-1-1-E]

Auth Bypass Vulnerability Exploited in Wild to Hijack Fortinet Firewalls

READ MORE READ MORE
Read More BACK TO THREAT BULLETIN