Apache Struts2 Jakarta Multipart Parser Vulnerability (CVE-2017-5638)

 

Vulnerability Description

The vulnerability exists within the Jakarta Multipart parser in Apache Struts. It is trivial to exploit the vulnerability and exploit code has been released publicly. The vulnerability exploits the Content-Type in a Struts application action to perform command execution.

Exposure and Impact

Successful exploitation of this vulnerability can lead to direct command execution in the context of the user running the service. This is a true remote vulnerability that can be leveraged against a service running on the system.

Remediation & Mitigation

Apache recommends the following remediation and mitigation options:

  • Upgrade to Apache Struts version 2.3.32 or 2.5.10.1.
  • Switch from the Jakarta parser to the Pell parser.
  • Create a Servlet filter to reject Content-Type values are unexpected.
Detection

Tripwire is planning to release coverage for this CVE in ASPL-715.

References

Threat Email Updates

Receive the latest Threat Alerts directly in your inbox:

Press Contacts

Cindy Valladares
Director of Corporate Communications
503.784.8178