Apache Struts Jakarta Multipart Parser Remote Code Execution Vulnerability

PUBLISHED:
10 March 2017

Apache issued an emergency security alert after Apache Struts was exposed to a high-risk remote command execution vulnerability, tracked as CVE-2017-5638. Public exploits are readily available. Struts is an open source project of the Apache Foundation Jakarta project team that uses the MVC pattern to help Java developers build J2EE web applications. At present, Struts is widely used by large-scale Internet companies, government, financial institutions and other sites, often as the underlying development template.

Affected Versions

  • Apache Struts 2.3.5 – 2.3.31
  • Apache Struts 2.5 – 2.5.10

Recommended Course of Action

Upgrade to Struts 2.3.32 or Struts 2.5.10.1
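
A version check for the affected ranges above, added here as an example and not part of the original bulletin. It assumes the library is deployed under its Maven artifact name `struts2-core-<version>.jar`; the names `scan` and `classify` are chosen for this example, and renamed or repackaged jars are not detected.

```python
import re
import sys
from pathlib import Path

# Affected ranges (inclusive) and fixed releases, as listed in this advisory.
AFFECTED = [
    ((2, 3, 5), (2, 3, 31), "2.3.32"),
    ((2, 5), (2, 5, 10), "2.5.10.1"),
]

# Assumption: the core jar keeps its Maven artifact name.
JAR_RE = re.compile(r"^struts2-core-(\d+(?:\.\d+)*)\.jar$")


def pad(parts):
    """Pad a version to four fields so that 2.5 compares equal to 2.5.0.0."""
    return tuple(parts) + (0,) * (4 - len(parts))


def parse_version(text):
    """'2.5.10.1' -> (2, 5, 10, 1)."""
    return pad([int(p) for p in text.split(".")])


def classify(version_text):
    """Return (is_affected, fixed_release_or_None) for a Struts version string."""
    version = parse_version(version_text)
    for low, high, fixed in AFFECTED:
        if pad(low) <= version <= pad(high):
            return True, fixed
    return False, None


def scan(root):
    """Walk root and return [(jar_path, version, fixed_release)] for affected jars."""
    findings = []
    for jar in sorted(Path(root).rglob("struts2-core-*.jar")):
        match = JAR_RE.match(jar.name)
        if match:
            affected, fixed = classify(match.group(1))
            if affected:
                findings.append((str(jar), match.group(1), fixed))
    return findings


if __name__ == "__main__":
    for path, version, fixed in scan(sys.argv[1] if len(sys.argv) > 1 else "."):
        print(f"AFFECTED {path} (Struts {version}): upgrade to {fixed}")
```

Run it against an application server's deployment directory; each reported jar falls inside one of the affected ranges and is listed with the fixed release for its branch.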
