Skip to main content

Apache Zero-Day Vulnerability

A zero-day vulnerability in Apache Struts version 2 has been discovered. The vulnerability is a remote code execution bug that affects the Jakarta Multipart parser.
Threat ID:
CC-1263
Category:
Threat Severity:
Medium
Threat Vector:
Published:
16 March 2017 12:00 AM
Report a cyber attack: call 0300 303 5222 or email [email protected]

This content has been archived

This article no longer conforms to NHS Digital's standards for cyber alerts, and may contain outdated or inaccurate information. Use of this information contained in this page is at your own risk

Summary

A zero-day vulnerability in Apache Struts version 2 has been discovered. The vulnerability is a remote code execution bug that affects the Jakarta Multipart parser.

Threat details

The remote code execution vulnerability occurs in the Jakarta Multipart parser due to improper handling of the Content-Type header. Successful exploitation could result in execution of arbitrary code on the targeted system. An attacker can use malicious OGNL (Object-Graph Navigation Language) in Content-Type header to exploit this vulnerability and then execute the system command.

The attackers are able to carry out a variety of malicious attacks including injecting code into webpages. This results in the firewall protection of the server stopping which then allows malware to be downloaded. The attacks are using a publicly released Proof-Of-Concept (POC) to run various commands that range from “whoami” to more refined commands which can download and run malicious executables.

CVE Identifier:

CVE-2017-5638

Affected versions:

  • Apache Struts 2.3.5 – 2.3.31
  • Apache Struts 2.5 – 2.5.10

Remediation steps

Type Step
Apache have released updated versions of Apache Struts (2.3.32 / 2.5.10.1) to mitigate this risk. Immediate upgrading to Apache Struts version is recommended.

CVE Vulnerabilities

Status

CVE-2017-5638

Last edited: 17 February 2020 11:26 am