CVE-2017-5638

CVSS 9.8 CRITICAL | EPSS 100.0% | KEV | CWE-755
Summary

Apache Struts 2 has a flaw in how it handles file uploads that allows attackers to execute malicious commands on a server by sending specially crafted HTTP headers. This is a critical vulnerability that was exploited in real-world attacks.

Technical detail

The Jakarta Multipart parser in Apache Struts 2 (versions 2.3.x before 2.3.32 and 2.5.x before 2.5.10.1) mishandles exceptions while processing multipart data, allowing remote code execution through OGNL injection via malicious HTTP headers such as Content-Type, Content-Disposition or Content-Length. The vulnerability requires only unauthenticated network access to an endpoint of the affected application, and results in arbitrary command execution on the server.

Summary generated and translated by AI from the official description.
The Jakarta Multipart parser in Apache Struts 2 2.3.x before 2.3.32 and 2.5.x before 2.5.10.1 has incorrect exception handling and error-message generation during file-upload attempts, which allows remote attackers to execute arbitrary commands via a crafted Content-Type, Content-Disposition, or Content-Length HTTP header, as exploited in the wild in March 2017 with a Content-Type header containing a #cmd= string.
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Public PoCs found: 89
github | github.com/mazen160/struts-pwn | 443
github | github.com/Flyteas/Struts2-045-Exp | 61
github | github.com/immunio/apache-struts2-CVE-2017-5638 | 35
github | github.com/jas502n/S2-045-EXP-POC-TOOLS | 25
github | github.com/PolarisLab/S2-045 | 24
github | github.com/jas502n/st2-046-poc | 21
github | github.com/xsscx/cve-2017-5638 | 21
github | github.com/ret2jazzy/Struts-Apache-ExploitPack | 16
github | github.com/win3zz/CVE-2017-5638 | 16
github | github.com/jrrdev/cve-2017-5638 | 14
github | github.com/sUbc0ol/Apache-Struts2-RCE-Exploit-v2-CVE-2017-5638 | 13
github | github.com/Iletee/struts2-rce | 11
github | github.com/tahmed11/strutsy | 10
github | github.com/initconf/CVE-2017-5638_struts | 8
github | github.com/payatu/CVE-2017-5638 | 8
github | github.com/0x00-0x00/CVE-2017-5638 | 6
github | github.com/R4v3nBl4ck/Apache-Struts-2-CVE-2017-5638-Exploit- | 3
github | github.com/falcon-lnhg/StrutsShell | 3
github | github.com/Nithylesh/web-application-firewall- | 3
github | github.com/iampetru/PoC-CVE-2017-5638 | 3
github | github.com/opt9/Strutscli | 2
github | github.com/aljazceru/CVE-2017-5638-Apache-Struts2 | 2
github | github.com/Greynad/struts2-jakarta-inject | 2
github | github.com/andypitcher/check_struts | 2
github | github.com/lolwaleet/ExpStruts | 2
github | github.com/opt9/Strutshock | 2
github | github.com/Kouf320/docker-lab-cve-2017-5638-cve-2021-41773 | 2
github | github.com/jpacora/Struts2Shell | 1
github | github.com/Masahiro-Yamada/OgnlContentTypeRejectorValve | 1
github | github.com/oktavianto/CVE-2017-5638-Apache-Struts2 | 1
github | github.com/KarzsGHR/S2-046_S2-045_POC | 1
github | github.com/riyazwalikar/struts-rce-cve-2017-5638 | 1
github | github.com/sighup1/cybersecurity-struts2 | 1
github | github.com/m3ssap0/struts2_cve-2017-5638 | 1
github | github.com/ggolawski/struts-rce | 1
github | github.com/un4ckn0wl3z/CVE-2017-5638 | 1
github | github.com/ludy-dev/XworkStruts-RCE | 1
github | github.com/jongmartinez/CVE-2017-5638 | 1
github | github.com/jptr218/struts_hack | 1
github | github.com/kloutkake/CVE-2017-5638-PoC | 1
github | github.com/haxerr9/CVE-2017-5638 | 1
github | github.com/ACharaf06/CVE-2017-5638-Attack-and-Defense | 1
github | github.com/Xhendos/CVE-2017-5638 | 0
github | github.com/invisiblethreat/strutser | 0
github | github.com/c002/Apache-Struts | 0
github | github.com/donaldashdown/Common-Vulnerability-and-Exploit | 0
github | github.com/MuhammadAbdullah192/CVE-2017-5638-Remote-Code-Execution-Apache-Struts2-EXPLOITATION | 0
github | github.com/cafnet/apache-struts-v2-CVE-2017-5638 | 0
github | github.com/jrrombaldo/CVE-2017-5638 | 0
github | github.com/kaylertee/Computer-Security-Equifax-2017 | 0
github | github.com/sjitech/test_struts2_vulnerability_CVE-2017-5638 | 0
github | github.com/FozilCV/Apache-Struts2-CVE-2017-5638 | 0
github | github.com/btamburi/strutszeiro | 0
github | github.com/leandrocamposcardoso/CVE-2017-5638-Mass-Exploit | 0
github | github.com/bongbongco/cve-2017-5638 | 0
github | github.com/eeehit/CVE-2017-5638 | 0
github | github.com/sUbc0ol/Apache-Struts-CVE-2017-5638-RCE-Mass-Scanner | 0
github | github.com/gsfish/S2-Reaper | 0
github | github.com/random-robbie/CVE-2017-5638 | 0
github | github.com/TamiiLambrado/Apache-Struts-CVE-2017-5638-RCE-Mass-Scanner | 0
github | github.com/colorblindpentester/CVE-2017-5638 | 0
github | github.com/injcristianrojas/cve-2017-5638 | 0
github | github.com/soufiane-benchahyd/vulhub-struts2 | 0
github | github.com/sonatype-workshops/struts2-rce | 0
github | github.com/AIPEACS/SC3010-Computer-Security | 0
github | github.com/Badbird3/CVE-2017-5638 | 0
github | github.com/testpilot031/vulnerability_struts-2.3.31 | 0
github | github.com/readloud/CVE-2017-5638 | 0
github | github.com/Tankirat/CVE-2017-5638 | 0
github | github.com/mfdev-solution/Exploit-CVE-2017-5638 | 0
github | github.com/mritunjay-k/CVE-2017-5638 | 0
github | github.com/FredBrave/CVE-2017-5638-ApacheStruts2.3.5 | 0
github | github.com/Majaktech/apache-struts-cve-2017-5638-project | 0
github | github.com/Xernary/CVE-2017-5638-POC | 0
github | github.com/timothyjxhn/DeliberatelyVulnerableWebApp | 0
github | github.com/toothbrushsoapflannelbiscuits/cve-2017-5638 | 0
github | github.com/Dungsocool/CVE-2017-5638 | 0
github | github.com/QHxDr-dz/CVE-2017-5638 | 0
github | github.com/joidiego/Detection-struts-cve-2017-5638-detector | 0
github | github.com/Aasron/Struts2-045-Exp | 0
github | github.com/SpiderMate/Stutsfi | 0
github | github.com/mcassano/cve-2017-5638 | 0
github | github.com/smancke/CVE-2017-5638 | 0
github | github.com/homjxi0e/CVE-2017-5638 | 0
cve_reference | www.exploit-db.com/exploits/41614/ | unverified
exploitdb | www.exploit-db.com/exploits/41570 | unverified
exploitdb | www.exploit-db.com/exploits/41614 | unverified
cve_reference | packetstormsecurity.com/files/141494/S2-45-poc.py.txt | unverified
cve_reference | exploit-db.com/exploits/41570 | unverified
⚠ Public resources, for assessing the exposure of systems you control or are authorized to test. Test only with authorization.

Want to know whether your infrastructure is exposed to this?

Talk to TrueHacking →