Description

A Remote Code Execution vulnerability exists in Apache Struts2 when performing file upload based on Jakarta Multipart parser. It is possible to perform a RCE attack with a malicious Content-Type value. If the Content-Type value isn't valid an exception is thrown which is then used to display an error message to a user.

Affected versions: Struts 2.3.5 - Struts 2.3.31, Struts 2.5 - Struts 2.5.10

Remediation

If you are using Jakarta based file upload Multipart parser, upgrade to Apache Struts version 2.3.32 or 2.5.10.1.

References

Security Bulletin S2-045

Related Vulnerabilities

Oracle Database Server CVE-2008-1814 Vulnerability (CVE-2008-1814)

Oracle Database Server CVE-2021-2332 Vulnerability (CVE-2021-2332)

Chamilo Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2021-26746)

SugarCRM Improper Control of Generation of Code ('Code Injection') Vulnerability (CVE-2019-17299)

MySQL CVE-2019-2635 Vulnerability (CVE-2019-2635)

Severity

Critical

Classification

CVE-2017-5638 CWE-94 CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:N/SC:N/SI:N/SA:N

Tags

Code Execution Known Vulnerabilities