0x00-0x00 / CVE-2017-5638

Struts02 s2-045 exploit program

CVE-2017-5638 | Struts s2-045

Description

It is possible to perform an RCE attack with a malicious Content-Type value. If the Content-Type value isn't valid, an exception is thrown, which is then used to display an error message to the user.

Affected versions

  • Struts 2.3.5
  • Struts 2.3.31
  • Struts 2.5
  • Struts 2.5.10

Exploitation

Remediation

To remediate this issue, update the affected software to apply the security patch.

Struts 2.3.32 and 2.5.10.1 are the versions patched against this particular issue.
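To check a deployment against the affected and patched versions listed above, the following added example (not part of the original repository) classifies Struts core jar file names. It assumes the four listed versions are the endpoints of two inclusive ranges (2.3.5 to 2.3.31 and 2.5 to 2.5.10) and that the jar is named `struts2-core-<version>.jar`; `Assess`, `key` and the sample file names are constructed for illustration.

```go
package main

import (
	"fmt"
	"regexp"
	"strconv"
	"strings"
)

// jarRe matches struts2-core-<version>.jar with 2 to 4 numeric components.
var jarRe = regexp.MustCompile(`^struts2-core-(\d{1,3}(?:\.\d{1,3}){1,3})\.jar$`)

// Assumption: affected versions read as inclusive ranges, each with its patched release.
var ranges = []struct{ lo, hi, fix string }{
	{"2.3.5", "2.3.31", "2.3.32"},
	{"2.5", "2.5.10", "2.5.10.1"},
}

// key packs a version into one comparable integer, so 2.5.10.1 > 2.5.10 > 2.5.
func key(v string) (k int64) {
	parts := append(strings.Split(v, "."), "0", "0") // pad to at least 4 components
	for _, p := range parts[:4] {
		n, _ := strconv.Atoi(p) // callers pass 1-3 digit components only
		k = k*1000 + int64(n)
	}
	return k
}

// Assess reports whether a jar is inside a listed range and which release fixes it.
// false means "outside the ranges on this page", not "free of other issues".
func Assess(jar string) (affected bool, fix string, err error) {
	m := jarRe.FindStringSubmatch(jar)
	if m == nil {
		return false, "", fmt.Errorf("not a struts2-core jar name: %q", jar)
	}
	for _, r := range ranges {
		if v := key(m[1]); v >= key(r.lo) && v <= key(r.hi) {
			return true, r.fix, nil
		}
	}
	return false, "", nil
}

func main() {
	// Constructed sample file names, as they would appear under WEB-INF/lib.
	for _, j := range []string{"struts2-core-2.3.31.jar", "struts2-core-2.5.10.1.jar"} {
		hit, fix, err := Assess(j)
		fmt.Println(j, hit, fix, err)
	}
}
```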

Author

This exploit program was written by zc00l (ANDRE LUIS .. MARQUES).

In case of modification or use, the credits must not be stripped from the work.

Resources

https://cwiki.apache.org/confluence/display/WW/S2-045

https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5638

Languages

Language:Go 100.0%