CVE-2017-5638 | Struts s2-045
Description
It is possible to perform an RCE attack with a malicious Content-Type value. If the Content-Type value isn't valid, an exception is thrown, which is then used to display an error message to the user.
Affected versions
- Struts 2.3.5
- Struts 2.3.31
- Struts 2.5
- Struts 2.5.10
Exploitation
Remediation
To remediate this issue, update the affected software to apply the security patch.
Struts 2.3.32 or 2.5.10.1 are versions that are patched against this particular issue.
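A defensive check for the condition in the Description, added here as an example and not part of the original exploit program: it validates each request's Content-Type against the HTTP media-type grammar (RFC 7231) and flags values that do not parse. The record layout, MAX_LEN and all sample values are constructed assumptions.

```python
import re

# RFC 7230 "token" characters; a media type is token "/" token plus parameters.
TOKEN = r"[!#$%&'*+\-.^_`|~0-9A-Za-z]+"
# Quoted parameter value: printable text with backslash escapes.
QUOTED = r'"(?:[^"\\\x00-\x1f\x7f]|\\[\x20-\x7e])*"'
MEDIA_TYPE = re.compile(
    rf"{TOKEN}/{TOKEN}(?:[ \t]*;[ \t]*{TOKEN}=(?:{TOKEN}|{QUOTED}))*[ \t]*"
)
MAX_LEN = 256  # assumption: generous upper bound for a legitimate header value


def check_content_type(value):
    """Return None for a well-formed (or absent) Content-Type, else a reason."""
    if not value:
        return None  # request without a body or header: nothing to validate
    if len(value) > MAX_LEN:
        return "too long"
    # fullmatch: the whole header must be a media type, not just a prefix of it
    if not MEDIA_TYPE.fullmatch(value):
        return "not a valid media type"
    return None


def flag_requests(requests):
    """Return (request id, reason) for every record with a malformed header."""
    return [
        (r["id"], reason)
        for r in requests
        if (reason := check_content_type(r.get("content_type")))
    ]


# Constructed sample records (for example, parsed from proxy or WAF logs).
SAMPLE = [
    {"id": 1, "content_type": "multipart/form-data; boundary=----abc123"},
    {"id": 2, "content_type": 'text/plain; charset="utf-8"'},
    {"id": 3, "content_type": "CONSTRUCTED {not-a-media-type} multipart/form-data"},
    {"id": 4, "content_type": None},
    {"id": 5, "content_type": "application/json" + " " * 300},
]

if __name__ == "__main__":
    for req_id, reason in flag_requests(SAMPLE):
        print(f"request {req_id}: Content-Type rejected ({reason})")
```

The same check can sit in a filter in front of an application that has not yet been updated, rejecting the request before it reaches the framework.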
Author
This exploit program was written by zc00l (ANDRE LUIS .. MARQUES).
In case of modification or use, the credits must not be stripped from the work.
Resource
https://cwiki.apache.org/confluence/display/WW/S2-045
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5638