I. CVE-2017-5638 Basic Information
Vulnerability Information

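## Vulnerability Overview
The Jakarta Multipart parser has flaws in its exception handling and error-message generation when processing file uploads, which allow remote attackers to execute arbitrary commands via a crafted HTTP header (such as Content-Type, Content-Disposition, or Content-Length).

## Affected Versions
- Apache Struts 2 2.3.x versions before 2.3.32
- Apache Struts 2 2.5.x versions before 2.5.10.1

## Details
During file upload, the Jakarta Multipart parser in affected versions fails to handle exceptions correctly, which leads to faulty error-message generation. An attacker can exploit this flaw to execute arbitrary commands by constructing specific HTTP headers (in particular a Content-Type header containing the #cmd= string).

## Impact
This vulnerability was exploited in the wild in March 2017. In those real-world attacks, attackers successfully executed arbitrary commands by carrying malicious instructions in a crafted Content-Type header.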
Vulnerability title
N/A
Source: US National Vulnerability Database (NVD)
Vulnerability description
The Jakarta Multipart parser in Apache Struts 2 2.3.x before 2.3.32 and 2.5.x before 2.5.10.1 has incorrect exception handling and error-message generation during file-upload attempts, which allows remote attackers to execute arbitrary commands via a crafted Content-Type, Content-Disposition, or Content-Length HTTP header, as exploited in the wild in March 2017 with a Content-Type header containing a #cmd= string.
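Source: US National Vulnerability Database (NVD)
CVSS information
N/A
Source: US National Vulnerability Database (NVD)
Vulnerability category
N/A
Source: US National Vulnerability Database (NVD)
Vulnerability title
Apache Struts 2 input validation error vulnerability
Source: China National Vulnerability Database of Information Security (CNNVD)
Vulnerability description
Apache Struts is an open-source project of the Apache Software Foundation (USA). It is an open-source MVC framework for building enterprise Java web applications and comes in two main framework versions, Struts 1 and Struts 2. The Jakarta Multipart parser in Apache Struts 2 2.3.x versions before 2.3.32 and 2.5.x versions before 2.5.10.1 contains a security vulnerability that stems from the program not handling file uploads correctly. A remote attacker can exploit this vulnerability to execute arbitrary commands by means of a crafted Content-Type HTTP header containing the #cmd= string.
Source: China National Vulnerability Database of Information Security (CNNVD)
CVSS information
N/A
Source: China National Vulnerability Database of Information Security (CNNVD)
Vulnerability category
Input validation error
Source: China National Vulnerability Database of Information Security (CNNVD)
II. Public PoCs for CVE-2017-5638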
| # | PoC description | Source link |
|---|---|---|
| 1 | Struts2 S2-045(CVE-2017-5638)Vulnerability environment - http://www.mottoin.com/97954.html | https://github.com/PolarisLab/S2-045 |
| 2 | Struts2 S2-045(CVE-2017-5638)Exp with GUI | https://github.com/Flyteas/Struts2-045-Exp |
| 3 | None | https://github.com/bongbongco/cve-2017-5638 |
| 4 | S2-045 vulnerability POC-TOOLS CVE-2017-5638 | https://github.com/jas502n/S2-045-EXP-POC-TOOLS |
| 5 | Telegram Bot to manage botnets created with struts vulnerability(CVE-2017-5638) | https://github.com/mthbernardes/strutszeiro |
| 6 | Example PoC Code for CVE-2017-5638 \| Apache Struts Exploit | https://github.com/xsscx/cve-2017-5638 |
| 7 | Demo Application and Exploit | https://github.com/immunio/apache-struts2-CVE-2017-5638 |
| 8 | This is Valve for Tomcat7 to block Struts 2 Remote Code Execution vulnerability (CVE-2017-5638) | https://github.com/Masahiro-Yamada/OgnlContentTypeRejectorValve |
| 9 | Tweaking original PoC (https://github.com/rapid7/metasploit-framework/issues/8064) to work on self-signed certificates | https://github.com/aljazceru/CVE-2017-5638-Apache-Struts2 |
| 10 | test struts2 vulnerability CVE-2017-5638 in Mac OS X | https://github.com/sjitech/test_struts2_vulnerability_CVE-2017-5638 |
| 11 | None | https://github.com/jrrombaldo/CVE-2017-5638 |
| 12 | CVE: 2017-5638 in different formats | https://github.com/random-robbie/CVE-2017-5638 |
| 13 | detection for Apache Struts recon and compromise | https://github.com/initconf/CVE-2017-5638_struts |
| 14 | An exploit for Apache Struts CVE-2017-5638 | https://github.com/mazen160/struts-pwn |
| 15 | These are just some script which you can use to detect and exploit the Apache Struts Vulnerability (CVE-2017-5638) | https://github.com/ret2jazzy/Struts-Apache-ExploitPack |
| 16 | A php based exploiter for CVE-2017-5638. | https://github.com/lolwaleet/ExpStruts |
| 17 | Example PHP Exploiter for CVE-2017-5638 | https://github.com/oktavianto/CVE-2017-5638-Apache-Struts2 |
| 18 | cve-2017-5638 Vulnerable site sample | https://github.com/jrrdev/cve-2017-5638 |
| 19 | Struts2 RCE CVE-2017-5638 non-intrusive check shell script | https://github.com/opt9/Strutshock |
| 20 | Apache Struts (CVE-2017-5638) Shell | https://github.com/falcon-lnhg/StrutsShell |
| 21 | None | https://github.com/bhagdave/CVE-2017-5638 |
| 22 | st2-046-poc CVE-2017-5638 | https://github.com/jas502n/st2-046-poc |
| 23 | S2-046\|S2-045: Struts 2 Remote Code Execution vulnerability(CVE-2017-5638) | https://github.com/KarzsGHR/S2-046_S2-045_POC |
| 24 | CVE-2017-5638 | https://github.com/gsfish/S2-Reaper |
| 25 | None | https://github.com/mcassano/cve-2017-5638 |
| 26 | Struts2 RCE CVE-2017-5638 CLI shell | https://github.com/opt9/Strutscli |
| 27 | Strutsy - Mass exploitation of Apache Struts (CVE-2017-5638) vulnerability | https://github.com/tahmed11/strutsy |
| 28 | Apache Struts 2.0 RCE vulnerability - Allows an attacker to inject OS commands into a web application through the content-type header | https://github.com/payatu/CVE-2017-5638 |
| 29 | CVE-2017-5638 | https://github.com/Aasron/Struts2-045-Exp |
| 30 | An exploit for CVE-2017-5638 Remote Code Execution (RCE) Vulnerability in Apache Struts 2 | https://github.com/SpiderMate/Stutsfi |
| 31 | An exploit (and library) for CVE-2017-5638 - Apache Struts2 S2-045 bug. | https://github.com/jpacora/Struts2Shell |
| 32 | None | https://github.com/AndreasKl/CVE-2017-5638 |
| 33 | Struts-RCE CVE-2017-5638 | https://github.com/riyazwalikar/struts-rce-cve-2017-5638 |
| 34 | None | https://github.com/homjxi0e/CVE-2017-5638 |
| 35 | CVE-2017-5638 Test environment | https://github.com/eeehit/CVE-2017-5638 |
| 36 | None | https://github.com/sUbc0ol/Apache-Struts-CVE-2017-5638-RCE-Mass-Scanner |
| 37 | None | https://github.com/sUbc0ol/Apache-Struts2-RCE-Exploit-v2-CVE-2017-5638 |
| 38 | Exploit created by: R4v3nBl4ck end Pacman | https://github.com/R4v3nBl4ck/Apache-Struts-2-CVE-2017-5638-Exploit- |
| 39 | None | https://github.com/Xhendos/CVE-2017-5638 |
| 40 | None | https://github.com/TamiiLambrado/Apache-Struts-CVE-2017-5638-RCE-Mass-Scanner |
| 41 | Check for Struts Vulnerability CVE-2017-5638 | https://github.com/invisiblethreat/strutser |
| 42 | None | https://github.com/lizhi16/CVE-2017-5638 |
| 43 | An exploit for Apache Struts CVE-2017-5638 | https://github.com/c002/Apache-Struts |
| 44 | Struts2 Application Vulnerable to CVE-2017-5638. Explains how the exploit of the vulnerability works in relation to OGNL and the JakartaMultiPart parser. | https://github.com/pr0x1ma-byte/cybersecurity-struts2 |
| 45 | Working POC for CVE 2017-5638 | https://github.com/cafnet/apache-struts-v2-CVE-2017-5638 |
| 46 | Struts02 s2-045 exploit program | https://github.com/0x00-0x00/CVE-2017-5638 |
| 47 | This is a sort of Java porting of the Python exploit at: https://www.exploit-db.com/exploits/41570/. | https://github.com/m3ssap0/struts2_cve-2017-5638 |
| 48 | Golang exploit for CVE-2017-5638 | https://github.com/Greynad/struts2-jakarta-inject |
| 49 | Apache Struts CVE-2017-5638 RCE exploitation | https://github.com/ggolawski/struts-rce |
| 50 | Apache Struts 2.3.5 < 2.3.31 / 2.5 < 2.5.10 - Remote Code Execution - Shell Script | https://github.com/win3zz/CVE-2017-5638 |
| 51 | None | https://github.com/leandrocamposcardoso/CVE-2017-5638-Mass-Exploit |
| 52 | Exploitable target to CVE-2017-5638 | https://github.com/Iletee/struts2-rce |
| 53 | Apache Struts version analyzer (Ansible) based on CVE-2017-5638 | https://github.com/andypitcher/check_struts |
| 54 | None | https://github.com/un4ckn0wl3z/CVE-2017-5638 |
| 55 | CVE-2017-5638 (PoC Exploits) | https://github.com/colorblindpentester/CVE-2017-5638 |
| 56 | Demo app of THAT data broker's security breach | https://github.com/injcristianrojas/cve-2017-5638 |
| 57 | (CVE-2017-5638) XworkStruts RCE Vuln test script | https://github.com/ludy-dev/XworkStruts-RCE |
| 58 | Exploitable target to CVE-2017-5638 | https://github.com/sonatype-workshops/struts2-rce |
| 59 | PoC for CVE: 2017-5638 - Apache Struts2 S2-045 | https://github.com/jongmartinez/CVE-2017-5638 |
| 60 | None | https://github.com/Badbird3/CVE-2017-5638 |
| 61 | An implementation of CVE-2017-5638 | https://github.com/jptr218/struts_hack |
| 62 | Build the struts-2.3.31 (CVE-2017-5638) environment | https://github.com/testpilot031/vulnerability_struts-2.3.31 |
| 63 | This script is intended to validate Apache Struts 2 vulnerability (CVE-2017-5638), AKA Struts-Shock. | https://github.com/readloud/CVE-2017-5638 |
| 64 | None | https://github.com/Tankirat/CVE-2017-5638 |
| 65 | None | https://github.com/0xConstant/CVE-2017-5638 |
| 66 | this exemple of application permet to test the vunerability CVE_2017-5638 | https://github.com/mfdev-solution/Exploit-CVE-2017-5638 |
| 67 | An exploit for CVE-2017-5638 | https://github.com/mritunjay-k/CVE-2017-5638 |
| 68 | A exploit for CVE-2017-5638. This exploit works on versions 2.3.5-2.3.31 and 2.5 – 2.5.10 | https://github.com/FredBrave/CVE-2017-5638-ApacheStruts2.3.5 |
| 69 | This is the Apache Struts CVE-2017-5638 struts 2 vulnerability. The same CVE that resulted in the equifax database breach. | https://github.com/donaldashdown/Common-Vulnerability-and-Exploit |
| 70 | This project demonstrates a Web Application Firewall (WAF) simulation using Flask and a vulnerability checker for CVE-2017-5638. The WAF middleware blocks HTTP requests containing specific patterns, and the vulnerability checker tests for and exploits the Apache Struts 2 vulnerability (CVE-2017-5638). | https://github.com/Nithylesh/web-application-firewall- |
| 71 | This repository provides a PoC for CVE-2017-5638, a remote code execution vulnerability in Apache Struts 2, exploitable via a crafted Content-Type HTTP header. | https://github.com/kloutkake/CVE-2017-5638-PoC |
| 72 | Struts2 Application Vulnerable to CVE-2017-5638. Explains how the exploit of the vulnerability works in relation to OGNL and the JakartaMultiPart parser. | https://github.com/sighup1/cybersecurity-struts2 |
| 73 | Proof of concept of CVE-2017-5638 including the whole setup of the Apache vulnerable server | https://github.com/Xernary/CVE-2017-5638-POC |
| 74 | None | https://github.com/banomaly/CVE-2017-5638 |
| 75 | Apache Struts 2.3.x before 2.3.32 and 2.5.x before 2.5.10.1 is susceptible to remote command injection attacks. The Jakarta Multipart parser has incorrect exception handling and error-message generation during file upload attempts, which can allow an attacker to execute arbitrary commands via a crafted Content-Type, Content-Disposition, or Content-Length HTTP header. This was exploited in March 2017 with a Content-Type header containing a #cmd= string. | https://github.com/projectdiscovery/nuclei-templates/blob/main/http/cves/2017/CVE-2017-5638.yaml |
| 76 | None | https://github.com/Threekiii/Awesome-POC/blob/master/%E4%B8%AD%E9%97%B4%E4%BB%B6%E6%BC%8F%E6%B4%9E/Apache%20Struts2%20S2-046%20%E8%BF%9C%E7%A8%8B%E4%BB%A3%E7%A0%81%E6%89%A7%E8%A1%8C%E6%BC%8F%E6%B4%9E%20CVE-2017-5638.md |
| 77 | None | https://github.com/Threekiii/Awesome-POC/blob/master/%E4%B8%AD%E9%97%B4%E4%BB%B6%E6%BC%8F%E6%B4%9E/Apache%20Struts2%20S2-045%20%E8%BF%9C%E7%A8%8B%E4%BB%A3%E7%A0%81%E6%89%A7%E8%A1%8C%E6%BC%8F%E6%B4%9E%20CVE-2017-5638.md |
III. Intelligence on CVE-2017-5638