{"vuid":"VU#834067","idnumber":"834067","name":"Apache Struts 2 is vulnerable to remote code execution","keywords":["struts","rce","code injection","CWE-94"],"overview":"Apache Struts, versions 2.3.5 - 2.3.31 and 2.5 - 2.5.10, is vulnerable to code injection leading to remote code execution (RCE).","clean_desc":"CWE-94: Improper Control of Generation of Code - CVE-2017-5638\nAn attacker can execute arbitrary OGNL code included in the \"Content-Type\" header of a file upload. This vulnerability is actively being exploited.","impact":"An unauthenticated remote attacker can execute arbitrary commands with the privileges of the user running Apache Struts.","resolution":"Apply an update\nUpdate to Apache Struts 2.3.32 or 2.5.10.1","workarounds":"If you are unable to update Struts, please see the workaround suggested by Apache here.","sysaffected":"","thanks":"","author":"This document was written by Trent Novelly.","public":["https://cwiki.apache.org/confluence/display/WW/S2-045","http://blog.talosintelligence.com/2017/03/apache-0-day-exploited.html","https://www.imperva.com/blog/2017/03/cve-2017-5638-new-remote-code-execution-rce-vulnerability-in-apache-struts-2/","http://blog.trendmicro.com/trendlabs-security-intelligence/cve-2017-5638-apache-struts-vulnerability-remote-code-execution/","https://github.com/rapid7/metasploit-framework/issues/8064","https://www.exploit-db.com/exploits/41570/","https://cwe.mitre.org/data/definitions/94.html"],"cveids":["CVE-2017-5638"],"certadvisory":"","uscerttechnicalalert":null,"datecreated":"2017-03-14T19:45:54Z","publicdate":"2017-03-06T00:00:00Z","datefirstpublished":"2017-03-14T21:02:51Z","dateupdated":"2017-03-14T21:02:52Z","revision":9,"vrda_d1_directreport":"0","vrda_d1_population":"3","vrda_d1_impact":"3","cam_widelyknown":"0","cam_exploitation":"0","cam_internetinfrastructure":"0","cam_population":"0","cam_impact":"0","cam_easeofexploitation":"0","cam_attackeraccessrequired":"0","cam_scorecurrent":"0","cam_scorecurrentwidelyknown":"0","cam_scorecurrentwidelyknownexploited":"0","ipprotocol":"","cvss_accessvector":"N","cvss_accesscomplexity":"L","cvss_authentication":null,"cvss_confidentialityimpact":"C","cvss_integrityimpact":"C","cvss_availabilityimpact":"C","cvss_exploitablity":null,"cvss_remediationlevel":"OF","cvss_reportconfidence":"C","cvss_collateraldamagepotential":"N","cvss_targetdistribution":"H","cvss_securityrequirementscr":"ND","cvss_securityrequirementsir":"ND","cvss_securityrequirementsar":"ND","cvss_basescore":"10","cvss_basevector":"AV:N/AC:L/Au:N/C:C/I:C/A:C","cvss_temporalscore":"8.7","cvss_environmentalscore":"8.6952104064","cvss_environmentalvector":"CDP:N/TD:H/CR:ND/IR:ND/AR:ND","metric":0.0,"vulnote":null}