Skip to content
/ CVE-2017-5638 Public

Apache Struts 2.3.5 < 2.3.31 / 2.5 < 2.5.10 - Remote Code Execution - Shell Script

14 stars 3 forks Branches Tags Activity
Star
Notifications You must be signed in to change notification settings

win3zz/CVE-2017-5638

BranchesTags

Folders and files

NameName
Last commit message
Last commit date

Latest commit

 

History

3 Commits
README.md
README.md
 
 
cve-2017-5638.sh
cve-2017-5638.sh
 
 

Repository files navigation

CVE-2017-5638

Apache Struts 2.3.5 < 2.3.31 / 2.5 < 2.5.10 - Remote Code Execution - Shell Script

The Jakarta Multipart parser in Apache Struts 2 2.3.x before 2.3.32 and 2.5.x before 2.5.10.1 has incorrect exception handling and error-message generation during file-upload attempts, which allows remote attackers to execute arbitrary commands via a crafted Content-Type, Content-Disposition, or Content-Length HTTP header, as exploited in the wild in March 2017 with a Content-Type header containing a #cmd= string.

Usage

./cve-2017-5638.sh <url> <cmd>

Example:

N|Solid

About

Apache Struts 2.3.5 < 2.3.31 / 2.5 < 2.5.10 - Remote Code Execution - Shell Script

Resources

Readme
Activity

Stars

14 stars

Watchers

2 watching

Forks

3 forks
Report repository

Releases

No releases published

Packages

No packages published

Languages