Apache-Struts-CVE-2017-5638-Remote-Code-Execution-Vulnerability.json

{
  "Name": "Apache Struts CVE-2017-5638 Remote Code Execution Vulnerability",
  "Description": "The Jakarta Multipart parser in Apache Struts 2 2.3.x before 2.3.32 and 2.5.x before 2.5.10.1 has incorrect exception handling and error-message generation during file-upload attempts, which allows remote attackers to execute arbitrary commands via a crafted Content-Type, Content-Disposition, or Content-Length HTTP header, as exploited in the wild in March 2017 with a Content-Type header containing a #cmd= string.",
  "Product": "Struts2",
  "Homepage": "http://struts.apache.org/",
  "DisclosureDate": "2017-03-10",
  "Author": "gobysec@gmail.com",
  "FofaQuery": "app=\"Struts2\"",
  "GobyQuery": "app=\"Struts2\"",
  "Level": "3",
  "Impact": "This issue may lead to Remote Code execution.",
  "Recommendation": "",
  "References": [
    "http://blog.talosintelligence.com/2017/03/apache-0-day-exploited.html",
    "http://blog.trendmicro.com/trendlabs-security-intelligence/cve-2017-5638-apache-struts-vulnerability-remote-code-execution/",
    "http://www.arubanetworks.com/assets/alert/ARUBA-PSA-2017-002.txt",
    "http://www.eweek.com/security/apache-struts-vulnerability-under-attack.html",
    "http://www.oracle.com/technetwork/security-advisory/cpujul2017-3236622.html",
    "http://www.securityfocus.com/bid/96729",
    "http://www.securitytracker.com/id/1037973",
    "https://arstechnica.com/security/2017/03/critical-vulnerability-under-massive-attack-imperils-high-impact-sites/",
    "https://cwiki.apache.org/confluence/display/WW/S2-045",
    "https://cwiki.apache.org/confluence/display/WW/S2-046",
    "https://exploit-db.com/exploits/41570",
    "https://git1-us-west.apache.org/repos/asf?p=struts.git;a=commit;h=352306493971e7d5a756d61780d57a76eb1f519a",
    "https://git1-us-west.apache.org/repos/asf?p=struts.git;a=commit;h=6b8272ce47160036ed120a48345d9aa884477228",
    "https://github.com/mazen160/struts-pwn",
    "https://github.com/rapid7/metasploit-framework/issues/8064",
    "https://h20566.www2.hpe.com/hpsc/doc/public/display?docLocale=en_US\u0026docId=emr_na-hpesbgn03733en_us",
    "https://h20566.www2.hpe.com/hpsc/doc/public/display?docLocale=en_US\u0026docId=emr_na-hpesbgn03749en_us",
    "https://h20566.www2.hpe.com/hpsc/doc/public/display?docLocale=en_US\u0026docId=emr_na-hpesbhf03723en_us",
    "https://isc.sans.edu/diary/22169",
    "https://lists.apache.org/thread.html/r6d03e45b81eab03580cf7f8bb51cb3e9a1b10a2cc0c6a2d3cc92ed0c@%3Cannounce.apache.org%3E",
    "https://nmap.org/nsedoc/scripts/http-vuln-cve2017-5638.html",
    "https://packetstormsecurity.com/files/141494/S2-45-poc.py.txt",
    "https://security.netapp.com/advisory/ntap-20170310-0001/",
    "https://struts.apache.org/docs/s2-045.html",
    "https://struts.apache.org/docs/s2-046.html",
    "https://support.lenovo.com/us/en/product_security/len-14200",
    "https://twitter.com/theog150/status/841146956135124993",
    "https://www.exploit-db.com/exploits/41614/",
    "https://www.imperva.com/blog/2017/03/cve-2017-5638-new-remote-code-execution-rce-vulnerability-in-apache-struts-2/",
    "https://www.kb.cert.org/vuls/id/834067",
    "https://www.symantec.com/security-center/network-protection-security-advisories/SA145",
    "https://nvd.nist.gov/vuln/detail/CVE-2017-5638",
    "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5638"
  ],
   "HasExp": true,
  "ExpParams": [
    {
      "Name": "AttackType",
      "Type": "select",
      "Value": "goby_shell_linux,cmd"
    },
	{
      "Name": "cmd",
      "Type": "input",
	  "show": "AttackType=cmd",
      "Value": "whoami"
    }
  ],
  "ExpTips": {
    "Type": "Tips",
    "Content": ""
  },
  "ScanSteps": null,
  "ExploitSteps": null,
  "Tags": [
    "rce"
  ],
  "CVEIDs": [
    "CVE-2017-5638"
  ],
  "CVSSScore": "10.0",
  "AttackSurfaces": {
    "Application": null,
    "Support": ["Struts2"],
    "Service": null,
    "System": null,
    "Hardware": null
  },
  "Disable": false
}