CVE-2017-5638 | Cybersecurity Alerts | Nexus IT Services, LLC

← Back to Cybersecurity Alerts

CVE-2017-5638

Apache | StrutsAdded 2021-11-03Remediation Deadline 2022-05-03Active Ransomware Campaign

Apache Struts Remote Code Execution Vulnerability

Apache Struts Jakarta Multipart parser allows for malicious file upload using the Content-Type value, leading to remote code execution.

Required Action

Apply updates per vendor instructions.

Weakness Classification

CWE-20

References

https://nvd.nist.gov/vuln/detail/CVE-2017-5638