CVE-2017-5638 - Apache Struts Remote Code Execution Vulnerability
Project:Apache
Product:Struts
Date Added:2021-11-03Due Date:2022-05-03
Vulnerability Name
Apache Struts Remote Code Execution Vulnerability
Description
Apache Struts Jakarta Multipart parser allows for malicious file upload using the Content-Type value, leading to remote code execution.
Known To Be Used in Ransomware Campaigns?
Known
Action
Apply updates per vendor instructions.
Additional Notes
https://nvd.nist.gov/vuln/detail/CVE-2017-5638
Related News Articles
251 Amazon-Hosted IPs Used in Exploit Scan Targeting ColdFusion, Struts, and ElasticsearchMay 28, 2025