CVE-2017-5638 : CVE-2017-5638

获取后续新漏洞提醒登录后订阅

一、漏洞 CVE-2017-5638 基础信息

漏洞信息

对漏洞内容有疑问？看看神龙的深度分析是否有帮助！

查看神龙十问 ↗

尽管我们使用了先进的大模型技术，但其输出仍可能包含不准确或过时的信息。神龙努力确保数据的准确性，但请您根据实际情况进行核实和判断。

Vulnerability Title

N/A

来源: 美国国家漏洞数据库 NVD

Vulnerability Description

The Jakarta Multipart parser in Apache Struts 2 2.3.x before 2.3.32 and 2.5.x before 2.5.10.1 has incorrect exception handling and error-message generation during file-upload attempts, which allows remote attackers to execute arbitrary commands via a crafted Content-Type, Content-Disposition, or Content-Length HTTP header, as exploited in the wild in March 2017 with a Content-Type header containing a #cmd= string.

来源: 美国国家漏洞数据库 NVD

CVSS Information

N/A

来源: 美国国家漏洞数据库 NVD

Vulnerability Type

N/A

来源: 美国国家漏洞数据库 NVD

Vulnerability Title

Apache Struts 2 输入验证错误漏洞

来源: 中国国家信息安全漏洞库 CNNVD

Vulnerability Description

Apache Struts是美国阿帕奇（Apache）软件基金会的一个开源项目，是一套用于创建企业级Java Web应用的开源MVC框架，主要提供两个版本框架产品，Struts 1和Struts 2。 Apache Struts 2 2.3.32之前的2 2.3.x版本和2.5.10.1之前的2.5.x版本中的Jakarta Multipart解析器存在安全漏洞，该漏洞源于程序没有正确处理文件上传。远程攻击者可借助带有＃cmd=字符串的特制Content-Type HTTP头利用该漏洞执行任意命令。

来源: 中国国家信息安全漏洞库 CNNVD

CVSS Information

N/A

来源: 中国国家信息安全漏洞库 CNNVD

Vulnerability Type

N/A

来源: 中国国家信息安全漏洞库 CNNVD

受影响产品

厂商	产品	影响版本	CPE	订阅
Apache Software Foundation	Apache Struts	2.3.x before 2.3.32	-

二、漏洞 CVE-2017-5638 的公开POC

#	POC 描述	源链接	神龙链接
1	Struts2 S2-045（CVE-2017-5638）Vulnerability environment - http://www.mottoin.com/97954.html	https://github.com/PolarisLab/S2-045	POC详情
2	Struts2 S2-045（CVE-2017-5638）Exp with GUI	https://github.com/Flyteas/Struts2-045-Exp	POC详情
3	None	https://github.com/bongbongco/cve-2017-5638	POC详情
4	S2-045 漏洞 POC-TOOLS CVE-2017-5638	https://github.com/jas502n/S2-045-EXP-POC-TOOLS	POC详情
5	Telegram Bot to manage botnets created with struts vulnerability(CVE-2017-5638)	https://github.com/mthbernardes/strutszeiro	POC详情
6	Example PoC Code for CVE-2017-5638 \| Apache Struts Exploit	https://github.com/xsscx/cve-2017-5638	POC详情
7	Demo Application and Exploit	https://github.com/immunio/apache-struts2-CVE-2017-5638	POC详情
8	This is Valve for Tomcat7 to block Struts 2 Remote Code Execution vulnerability (CVE-2017-5638)	https://github.com/Masahiro-Yamada/OgnlContentTypeRejectorValve	POC详情
9	Tweaking original PoC (https://github.com/rapid7/metasploit-framework/issues/8064) to work on self-signed certificates	https://github.com/aljazceru/CVE-2017-5638-Apache-Struts2	POC详情
10	test struts2 vulnerability CVE-2017-5638 in Mac OS X	https://github.com/sjitech/test_struts2_vulnerability_CVE-2017-5638	POC详情
11	None	https://github.com/jrrombaldo/CVE-2017-5638	POC详情
12	CVE: 2017-5638 in different formats	https://github.com/random-robbie/CVE-2017-5638	POC详情
13	detection for Apache Struts recon and compromise	https://github.com/initconf/CVE-2017-5638_struts	POC详情
14	An exploit for Apache Struts CVE-2017-5638	https://github.com/mazen160/struts-pwn	POC详情
15	These are just some script which you can use to detect and exploit the Apache Struts Vulnerability (CVE-2017-5638)	https://github.com/ret2jazzy/Struts-Apache-ExploitPack	POC详情
16	A php based exploiter for CVE-2017-5638.	https://github.com/lolwaleet/ExpStruts	POC详情
17	Example PHP Exploiter for CVE-2017-5638	https://github.com/oktavianto/CVE-2017-5638-Apache-Struts2	POC详情
18	cve-2017-5638 Vulnerable site sample	https://github.com/jrrdev/cve-2017-5638	POC详情
19	Struts2 RCE CVE-2017-5638 non-intrusive check shell script	https://github.com/opt9/Strutshock	POC详情
20	Apache Struts (CVE-2017-5638) Shell	https://github.com/falcon-lnhg/StrutsShell	POC详情
21	None	https://github.com/bhagdave/CVE-2017-5638	POC详情
22	st2-046-poc CVE-2017-5638	https://github.com/jas502n/st2-046-poc	POC详情
23	S2-046\|S2-045: Struts 2 Remote Code Execution vulnerability（CVE-2017-5638）	https://github.com/KarzsGHR/S2-046_S2-045_POC	POC详情
24	CVE-2017-5638	https://github.com/gsfish/S2-Reaper	POC详情
25	None	https://github.com/mcassano/cve-2017-5638	POC详情
26	Struts2 RCE CVE-2017-5638 CLI shell	https://github.com/opt9/Strutscli	POC详情
27	Strutsy - Mass exploitation of Apache Struts (CVE-2017-5638) vulnerability	https://github.com/tahmed11/strutsy	POC详情
28	Apache Struts 2.0 RCE vulnerability - Allows an attacker to inject OS commands into a web application through the content-type header	https://github.com/payatu/CVE-2017-5638	POC详情
29	CVE-2017-5638	https://github.com/Aasron/Struts2-045-Exp	POC详情
30	An exploit for CVE-2017-5638 Remote Code Execution (RCE) Vulnerability in Apache Struts 2	https://github.com/SpiderMate/Stutsfi	POC详情
31	An exploit (and library) for CVE-2017-5638 - Apache Struts2 S2-045 bug.	https://github.com/jpacora/Struts2Shell	POC详情
32	None	https://github.com/AndreasKl/CVE-2017-5638	POC详情
33	Struts-RCE CVE-2017-5638	https://github.com/riyazwalikar/struts-rce-cve-2017-5638	POC详情
34	None	https://github.com/homjxi0e/CVE-2017-5638	POC详情
35	CVE-2017-5638 Test environment	https://github.com/eeehit/CVE-2017-5638	POC详情
36	None	https://github.com/sUbc0ol/Apache-Struts-CVE-2017-5638-RCE-Mass-Scanner	POC详情
37	None	https://github.com/sUbc0ol/Apache-Struts2-RCE-Exploit-v2-CVE-2017-5638	POC详情
38	Exploit created by: R4v3nBl4ck end Pacman	https://github.com/R4v3nBl4ck/Apache-Struts-2-CVE-2017-5638-Exploit-	POC详情
39	None	https://github.com/Xhendos/CVE-2017-5638	POC详情
40	None	https://github.com/TamiiLambrado/Apache-Struts-CVE-2017-5638-RCE-Mass-Scanner	POC详情
41	Check for Struts Vulnerability CVE-2017-5638	https://github.com/invisiblethreat/strutser	POC详情
42	None	https://github.com/lizhi16/CVE-2017-5638	POC详情
43	An exploit for Apache Struts CVE-2017-5638	https://github.com/c002/Apache-Struts	POC详情
44	Struts2 Application Vulnerable to CVE-2017-5638. Explains how the exploit of the vulnerability works in relation to OGNL and the JakartaMultiPart parser.	https://github.com/pr0x1ma-byte/cybersecurity-struts2	POC详情
45	Working POC for CVE 2017-5638	https://github.com/cafnet/apache-struts-v2-CVE-2017-5638	POC详情
46	Struts02 s2-045 exploit program	https://github.com/0x00-0x00/CVE-2017-5638	POC详情
47	This is a sort of Java porting of the Python exploit at: https://www.exploit-db.com/exploits/41570/.	https://github.com/m3ssap0/struts2_cve-2017-5638	POC详情
48	Golang exploit for CVE-2017-5638	https://github.com/Greynad/struts2-jakarta-inject	POC详情
49	Apache Struts CVE-2017-5638 RCE exploitation	https://github.com/ggolawski/struts-rce	POC详情
50	Apache Struts 2.3.5 < 2.3.31 / 2.5 < 2.5.10 - Remote Code Execution - Shell Script	https://github.com/win3zz/CVE-2017-5638	POC详情
51	None	https://github.com/leandrocamposcardoso/CVE-2017-5638-Mass-Exploit	POC详情
52	Exploitable target to CVE-2017-5638	https://github.com/Iletee/struts2-rce	POC详情
53	Apache Struts version analyzer (Ansible) based on CVE-2017-5638	https://github.com/andypitcher/check_struts	POC详情
54	None	https://github.com/un4ckn0wl3z/CVE-2017-5638	POC详情
55	CVE-2017-5638 (PoC Exploits)	https://github.com/colorblindpentester/CVE-2017-5638	POC详情
56	Demo app of THAT data broker's security breach	https://github.com/injcristianrojas/cve-2017-5638	POC详情
57	(CVE-2017-5638) XworkStruts RCE Vuln test script	https://github.com/ludy-dev/XworkStruts-RCE	POC详情
58	Exploitable target to CVE-2017-5638	https://github.com/sonatype-workshops/struts2-rce	POC详情
59	PoC for CVE: 2017-5638 - Apache Struts2 S2-045	https://github.com/jongmartinez/CVE-2017-5638	POC详情
60	None	https://github.com/Badbird3/CVE-2017-5638	POC详情
61	An implementation of CVE-2017-5638	https://github.com/jptr218/struts_hack	POC详情
62	Build the struts-2.3.31 (CVE-2017-5638) environment	https://github.com/testpilot031/vulnerability_struts-2.3.31	POC详情
63	This script is intended to validate Apache Struts 2 vulnerability (CVE-2017-5638), AKA Struts-Shock.	https://github.com/readloud/CVE-2017-5638	POC详情
64	None	https://github.com/Tankirat/CVE-2017-5638	POC详情
65	None	https://github.com/0xConstant/CVE-2017-5638	POC详情
66	this exemple of application permet to test the vunerability CVE_2017-5638	https://github.com/mfdev-solution/Exploit-CVE-2017-5638	POC详情
67	An exploit for CVE-2017-5638	https://github.com/mritunjay-k/CVE-2017-5638	POC详情
68	A exploit for CVE-2017-5638. This exploit works on versions 2.3.5-2.3.31 and 2.5 – 2.5.10	https://github.com/FredBrave/CVE-2017-5638-ApacheStruts2.3.5	POC详情
69	This is the Apache Struts CVE-2017-5638 struts 2 vulnerability. The same CVE that resulted in the equifax database breach.	https://github.com/donaldashdown/Common-Vulnerability-and-Exploit	POC详情
70	This project demonstrates a Web Application Firewall (WAF) simulation using Flask and a vulnerability checker for CVE-2017-5638. The WAF middleware blocks HTTP requests containing specific patterns, and the vulnerability checker tests for and exploits the Apache Struts 2 vulnerability (CVE-2017-5638).	https://github.com/Nithylesh/web-application-firewall-	POC详情
71	This repository provides a PoC for CVE-2017-5638, a remote code execution vulnerability in Apache Struts 2, exploitable via a crafted Content-Type HTTP header.	https://github.com/kloutkake/CVE-2017-5638-PoC	POC详情
72	Struts2 Application Vulnerable to CVE-2017-5638. Explains how the exploit of the vulnerability works in relation to OGNL and the JakartaMultiPart parser.	https://github.com/sighup1/cybersecurity-struts2	POC详情
73	Proof of concept of CVE-2017-5638 including the whole setup of the Apache vulnerable server	https://github.com/Xernary/CVE-2017-5638-POC	POC详情
74	None	https://github.com/banomaly/CVE-2017-5638	POC详情
75	Apache Struts 2.3.x before 2.3.32 and 2.5.x before 2.5.10.1 is susceptible to remote command injection attacks. The Jakarta Multipart parser has incorrect exception handling and error-message generation during file upload attempts, which can allow an attacker to execute arbitrary commands via a crafted Content-Type, Content-Disposition, or Content-Length HTTP header. This was exploited in March 2017 with a Content-Type header containing a #cmd= string.	https://github.com/projectdiscovery/nuclei-templates/blob/main/http/cves/2017/CVE-2017-5638.yaml	POC详情
76	None	https://github.com/Threekiii/Awesome-POC/blob/master/%E4%B8%AD%E9%97%B4%E4%BB%B6%E6%BC%8F%E6%B4%9E/Apache%20Struts2%20S2-046%20%E8%BF%9C%E7%A8%8B%E4%BB%A3%E7%A0%81%E6%89%A7%E8%A1%8C%E6%BC%8F%E6%B4%9E%20CVE-2017-5638.md	POC详情
77	None	https://github.com/Threekiii/Awesome-POC/blob/master/%E4%B8%AD%E9%97%B4%E4%BB%B6%E6%BC%8F%E6%B4%9E/Apache%20Struts2%20S2-045%20%E8%BF%9C%E7%A8%8B%E4%BB%A3%E7%A0%81%E6%89%A7%E8%A1%8C%E6%BC%8F%E6%B4%9E%20CVE-2017-5638.md	POC详情
78	None	https://github.com/toothbrushsoapflannelbiscuits/cve-2017-5638	POC详情
79	CVE-2017-5638 Exploit Rewritten In Python By haxerr9	https://github.com/haxerr9/CVE-2017-5638	POC详情
80	None	https://github.com/QHxDr-dz/CVE-2017-5638	POC详情
81	Real-time anomaly detection system for Apache Struts CVE-2017-5638 exploit using streaming analytics, 3-gram byte analysis, and Count-Min Sketch. Detects RCE attacks without signatures, with <5ms latency and <0.1% false positives.	https://github.com/joidiego/Detection-struts-cve-2017-5638-detector	POC详情
82	Apache Struts2 CVE-2017-5638 (Safe Educational Demo)	https://github.com/iampetru/PoC-CVE-2017-5638	POC详情
83	None	https://github.com/MuhammadAbdullah192/CVE-2017-5638-Remote-Code-Execution-Apache-Struts2-EXPLOITATION	POC详情
84	A hands-on simulation of CVE-2017-5638 (Apache Struts2 RCE), showcasing exploit reproduction, OS-level command execution, and mitigations such as input sanitization and endpoint monitoring. Built in Python/Flask with Jupyter notebook demos	https://github.com/kaylertee/Computer-Security-Equifax-2017	POC详情
85	CVE-2017-5638- PoC	https://github.com/FozilCV/Apache-Struts2-CVE-2017-5638	POC详情
86	Telegram Bot to manage botnets created with struts vulnerability(CVE-2017-5638)	https://github.com/btamburi/strutszeiro	POC详情
87	A Deliberately Vulnerable Web Application built on Struts 2 (CVE-2017-5638) and Log4J (CVE-2021-44228) for testing and demonstration of OWASP Top 10 Web Application Security Risks: A06:2021-Vulnerable and Outdated Components.	https://github.com/timothyjxhn/DeliberatelyVulnerableWebApp	POC详情
88	None	https://github.com/ACharaf06/CVE-2017-5638-Attack-and-Defense	POC详情
89	None	https://github.com/smancke/CVE-2017-5638	POC详情
90	Software Security & Privacy ~ Assignement 3 : CVE PoC	https://github.com/louislafosse/CVE-2017-5638-assignement	POC详情
91	A practical lab demonstrating the exploitation of a critical Remote Code Execution (RCE) vulnerability in Apache Struts2 (CVE-2017-5638) using Vulhub Docker environments. Includes setup instructions and commands to run the vulnerable container.	https://github.com/soufiane-benchahyd/vulhub-struts2	POC详情

AI 生成 POC高级

未找到公开 POC。

登录以生成 AI POC

三、漏洞 CVE-2017-5638 的情报信息

Please 登录 to view more intelligence information

🔗 https://isc.sans.edu/diary/22169x_refsource_MISC
🔗 https://security.netapp.com/advisory/ntap-20170310-0001/x_refsource_CONFIRM
🔗 https://github.com/rapid7/metasploit-framework/issues/8064x_refsource_MISC
🔗 https://struts.apache.org/docs/s2-046.htmlx_refsource_CONFIRM
🔗 http://www.arubanetworks.com/assets/alert/ARUBA-PSA-2017-002.txtx_refsource_CONFIRM
🔗 https://h20566.www2.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbhf03723en_usx_refsource_CONFIRM
🔗 https://www.symantec.com/security-center/network-protection-security-advisories/SA145x_refsource_CONFIRM
🔗 https://cwiki.apache.org/confluence/display/WW/S2-046x_refsource_CONFIRM
🔗 https://arstechnica.com/security/2017/03/critical-vulnerability-under-massive-attack-imperils-high-impact-sites/x_refsource_MISC
🔗 http://blog.trendmicro.com/trendlabs-security-intelligence/cve-2017-5638-apache-struts-vulnerability-remote-code-execution/x_refsource_MISC
🔗 https://git1-us-west.apache.org/repos/asf?p=struts.git%3Ba=commit%3Bh=352306493971e7d5a756d61780d57a76eb1f519ax_refsource_CONFIRM
🔗 https://h20566.www2.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbgn03733en_usx_refsource_CONFIRM
🔗 https://twitter.com/theog150/status/841146956135124993x_refsource_MISC
🔗 https://packetstormsecurity.com/files/141494/S2-45-poc.py.txtx_refsource_MISC
🔗 GitHub - mazen160/struts-pwn: An exploit for Apache Struts CVE-2017-5638x_refsource_MISC
🔗 https://nmap.org/nsedoc/scripts/http-vuln-cve2017-5638.htmlx_refsource_MISC
🔗 https://cwiki.apache.org/confluence/display/WW/S2-045x_refsource_CONFIRM
🔗 https://struts.apache.org/docs/s2-045.htmlx_refsource_CONFIRM
🔗 https://support.lenovo.com/us/en/product_security/len-14200x_refsource_CONFIRM
🔗 https://h20566.www2.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbgn03749en_usx_refsource_CONFIRM
🔗 http://blog.talosintelligence.com/2017/03/apache-0-day-exploited.htmlx_refsource_MISC
🔗 http://www.oracle.com/technetwork/security-advisory/cpujul2017-3236622.htmlx_refsource_CONFIRM
🔗 https://git1-us-west.apache.org/repos/asf?p=struts.git%3Ba=commit%3Bh=6b8272ce47160036ed120a48345d9aa884477228x_refsource_CONFIRM
🔗 https://www.imperva.com/blog/2017/03/cve-2017-5638-new-remote-code-execution-rce-vulnerability-in-apache-struts-2/x_refsource_MISC
🔗 https://www.exploit-db.com/exploits/41614/exploitx_refsource_EXPLOIT-DB
🔗 Apache Struts 2.3.5 < 2.3.31 / 2.5 < 2.5.10 - Remote Code Execution - Linux webapps Exploitexploitx_refsource_EXPLOIT-DB
🔗 http://www.securityfocus.com/bid/96729vdb-entryx_refsource_BID
🔗 http://www.securitytracker.com/id/1037973vdb-entryx_refsource_SECTRACK
🔗 https://www.kb.cert.org/vuls/id/834067third-party-advisoryx_refsource_CERT-VN
🔗 https://lists.apache.org/thread.html/r6d03e45b81eab03580cf7f8bb51cb3e9a1b10a2cc0c6a2d3cc92ed0c%40%3Cannounce.apache.org%3Emailing-listx_refsource_MLIST
🔗 Apache Software Foundation Security Report: 2020-Apache Mail Archivesmailing-listx_refsource_MLIST
🔗 https://lists.apache.org/thread.html/r1125f3044a0946d1e7e6f125a6170b58d413ebd4a95157e4608041c7%40%3Cannounce.apache.org%3Emailing-listx_refsource_MLIST
https://nvd.nist.gov/vuln/detail/CVE-2017-5638

四、漏洞 CVE-2017-5638 的评论

暂无评论

支持本站 — 捐款将帮助我们持续运营

一、漏洞 CVE-2017-5638 基础信息

漏洞信息

Vulnerability Title

Vulnerability Description

CVSS Information

Vulnerability Type

Vulnerability Title

Vulnerability Description

CVSS Information

Vulnerability Type

受影响产品

二、漏洞 CVE-2017-5638 的公开POC

三、漏洞 CVE-2017-5638 的情报信息

四、漏洞 CVE-2017-5638 的评论

发表评论

支持本站 — 捐款将帮助我们持续运营

一、 漏洞 CVE-2017-5638 基础信息

漏洞信息

Vulnerability Title

Vulnerability Description

CVSS Information

Vulnerability Type

Vulnerability Title

Vulnerability Description

CVSS Information

Vulnerability Type

受影响产品

二、漏洞 CVE-2017-5638 的公开POC

三、漏洞 CVE-2017-5638 的情报信息

四、漏洞 CVE-2017-5638 的评论

发表评论

一、漏洞 CVE-2017-5638 基础信息