On March 6, 2017, Apache disclosed a vulnerability in the Jakarta Multipart parser used in Apache Struts2 that could allow an attacker to execute commands remotely on a targeted system by using a crafted Content-Type, Content-Disposition, or Content-Length value.

This vulnerability has been assigned CVE-ID CVE-2017-5638.

This advisory is available at the following link:
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170310-struts2
On March 6, 2017, Apache disclosed a vulnerability in the Jakarta Multipart parser used in Apache Struts2 that could allow an attacker to execute commands remotely on a targeted system by using a crafted Content-Type, Content-Disposition, or Content-Length value.

This vulnerability has been assigned CVE-ID CVE-2017-5638.

This advisory is available at the following link:
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170310-struts2

Security Impact Rating: Critical

CVE: CVE-2017-5638

Leave a Reply