漏洞类别:Web Application
漏洞等级: 
漏洞信息
Apache Struts is a framework for building web applications.
Apache Struts was found to be prone to a remote code execution vulnerability described in CVE-2017-5638
The vulnerability exists due to improper handling of requests with a malicious Content-Disposition value. If the Content-Dispostion value is'n valid, an exception is occurs which is then used to display an error message to a user.
This is a different vector for the same vulnerability described in S2-045.
Affected software:
Apache Struts 2.3.5 to 2.3.31
Apache Struts 2.5 to 2.5.10
漏洞危害
If successful, an attacker can execute arbitrary code on the targeted system, when performing a file upload based on Jakarta Multipart parser.
解决方案
Upgrade to the latest version of the Apache Struts 2 framework to fix these issues. For more details, please refer to Apache Security Bulletin S2-046
Patch:
Following are links for downloading patches to fix the vulnerabilities:
0day
文章评论