Threat Landscape Dashboard

Assessing today's threats and the relationships between them

CVE-2017-5638

8.00
6.00
Description:

The Jakarta Multipart parser in Apache Struts 2 2.3.x before 2.3.32 and 2.5.x before 2.5.10.1 mishandles file upload, which allows remote attackers to execute arbitrary commands via a #cmd= string in a crafted Content-Type HTTP header, as exploited in the wild in March 2017.

Modified Date:

2017-05-13