Apache Struts is prone to a remote code-execution vulnerability (CVE-2017-5638, Apache advisory S2-045) in its Jakarta Multipart parser. When the parser fails to handle a file-upload request, the malformed Content-Type header value is placed into the error message, which is then evaluated as an OGNL expression; a crafted Content-Type header is therefore enough to reach code execution, and no authentication is required.
Successfully exploiting this issue allows a remote attacker to execute arbitrary code in the context of the affected application, i.e. with the privileges of the Java process hosting the Struts application.
Apache Struts 2.3.5 through 2.3.31 and 2.5 through 2.5.10 are vulnerable; the issue is fixed in 2.3.32 and 2.5.10.1.
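Two checks a practitioner would want alongside the description above, written here as an added example rather than code from the advisory or from the Struts project: a version test against the affected ranges stated on this page, and a classifier for Content-Type header values that separates a legitimate media type from one carrying OGNL expression markers (the vulnerable error path is only reached for a Content-Type the multipart parser cannot handle). The OGNL marker list, the media-type grammar, the log-line format and the sample log lines are all assumptions constructed for the example; the probe payload is inert and only shows the shape of the header.

```python
"""Added example for the Struts S2-045 description above (not the advisory's own code)."""
import re

# Affected ranges as stated in the advisory text: 2.3.5-2.3.31 and 2.5-2.5.10 (inclusive).
VULNERABLE_RANGES = [((2, 3, 5), (2, 3, 31)), ((2, 5, 0), (2, 5, 10))]


def parse_version(version):
    """'2.5.10.1' -> (2, 5, 10, 1). Stops at the first non-numeric component."""
    parts = []
    for piece in version.strip().split("."):
        m = re.match(r"\d+", piece)
        if not m:
            break
        parts.append(int(m.group()))
    if len(parts) < 2:
        raise ValueError("unrecognised version string: %r" % version)
    return tuple(parts)


def is_vulnerable_struts(version):
    """True if the Struts version lies inside one of VULNERABLE_RANGES.
    Short versions are padded ('2.5' -> 2.5.0); longer ones keep their extra
    component so that 2.5.10.1 compares greater than 2.5.10 and is not flagged."""
    v = parse_version(version)
    if len(v) < 3:
        v = v + (0,) * (3 - len(v))
    return any(lo <= v <= hi for lo, hi in VULNERABLE_RANGES)


# Assumed markers of an OGNL expression; a media type never contains these.
OGNL_MARKERS = re.compile(r"%\{|\$\{|#_memberAccess|@ognl\.|#context", re.IGNORECASE)
# Assumed media-type grammar: type/subtype followed by optional ;name=value parameters.
MEDIA_TYPE = re.compile(r'^[\w.+-]+/[\w.+-]+(\s*;\s*[\w-]+=("[^"]*"|[^;\s]*))*\s*$')


def classify_content_type(value):
    """'ognl' if the header carries OGNL markers, 'malformed' if it is not a
    parseable media type (the parser's error path), otherwise 'ok'."""
    if OGNL_MARKERS.search(value):
        return "ognl"
    if MEDIA_TYPE.match(value) is None:
        return "malformed"
    return "ok"


# Constructed sample log lines in an assumed format:
#   client "METHOD path" status "Content-Type request header"
SAMPLE_LOG = [
    '10.0.0.5 "POST /upload.action" 200 "multipart/form-data; boundary=----WebKitFormBoundaryX"',
    '10.0.0.9 "POST /upload.action" 200 "%{(#_=\'multipart/form-data\').(#probe=1)}"',
    '10.0.0.7 "GET /index.action" 200 "text/html; charset=utf-8"',
    '10.0.0.8 "POST /upload.action" 500 "multipart form data"',
]
LOG_RE = re.compile(r'^(\S+) "(\w+) (\S+)" (\d{3}) "(.*)"$')


def scan_log(lines):
    """Return (client, path, verdict) for every line whose Content-Type is not 'ok'."""
    hits = []
    for line in lines:
        m = LOG_RE.match(line)
        if not m:
            continue
        client, _method, path, _status, ctype = m.groups()
        verdict = classify_content_type(ctype)
        if verdict != "ok":
            hits.append((client, path, verdict))
    return hits


if __name__ == "__main__":
    for ver in ("2.3.5", "2.3.31", "2.3.32", "2.5", "2.5.10", "2.5.10.1"):
        print(ver, "vulnerable" if is_vulnerable_struts(ver) else "not vulnerable")
    for hit in scan_log(SAMPLE_LOG):
        print(hit)
```

Only the line whose Content-Type opens with `%{` is reported as OGNL; the well-formed multipart header with a boundary parameter is not flagged, and the header with no type/subtype structure is reported separately as malformed, since that is the condition that drives the parser into the error path without itself proving an attack.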
Vulnerable:
VMWare vRealize Hyperic 5.0
VMWare vCenter Server 6.5
VMWare vCenter Server 6.0
VMWare Horizon Desktop as-a-Service Platform (DaaS) 7.0
VMWare Horizon Desktop as-a-Service Platform (DaaS) 6.0
Oracle WebCenter Sites 11.1.1.8.0
Oracle WebCenter Sites 12.2.1.2.0
Oracle WebCenter Sites 12.2.1.1.0
Oracle WebCenter Sites 12.2.1.0.0
IBM Connections 5.5
IBM Connections 5.0
IBM Connections 4.5
IBM Connections 4.0
Huawei SMSGW V100R003C01
Huawei SMSGW V100R002C11
Huawei SMSGW V100R002C01
Huawei Secospace AntiDDoS8030 V100R001C00
Huawei iManager NetEco 6000 V600R007C91
Huawei iManager NetEco 6000 V600R007C90
Huawei iManager NetEco 6000 V600R007C80
Huawei iManager NetEco V600R008C20
Huawei iManager NetEco V600R008C10
Huawei iManager NetEco V600R008C00
Huawei iManager NetEco V600R007C60SPC100
Huawei iManager NetEco V600R007C50
Huawei iManager NetEco V600R007C11
Huawei eSpace ECS V300R001C00
Huawei eSpace ECS V200R003C10
Huawei eSpace ECS V200R003C00
Huawei eSpace ECS V200R002C00
HP Universal CMDB Foundation Software 10.22 CUP5
Cisco Unity Connection 0
Cisco Unified SIP Proxy Software 0
Cisco Unified Intelligent Contact Management Enterprise 0
Cisco Unified Contact Center Enterprise 0
Cisco Unified Communications Manager Session Management Edition 0
Cisco Unified Communications Manager IM & Presence Service 0
Cisco Unified Communications Manager -
Cisco Prime Service Catalog Appliance and Virtual Appliance 0
Cisco Identity Services Engine (ISE) 0
Cisco Emergency Responder
Atlassian HipChat Server 2.0
Atlassian Crowd 2.11
Atlassian Crowd 2.10.1
Atlassian Crowd 2.9.5
Atlassian Crowd 2.9.4
Atlassian Crowd 2.9.3
Atlassian Crowd 2.9.2
Atlassian Crowd 2.9.1
Atlassian Crowd 2.9
Atlassian Crowd 2.8.8
Atlassian Crowd 2.8.3
Atlassian Bamboo 5.15
Atlassian Bamboo 5.12
Atlassian Bamboo 5.11
Atlassian Bamboo 5.10
Atlassian Bamboo 5.1
Atlassian Bamboo 5.12.3.1
Atlassian Bamboo 5.11.4.1
Apache Struts 2.3.31
Apache Struts 2.3.30
Apache Struts 2.3.28
Apache Struts 2.3.24
Apache Struts 2.3.5
Apache Struts 2.5.8
Apache Struts 2.5.7
Apache Struts 2.5.5
Apache Struts 2.5.2
Apache Struts 2.5.10
Apache Struts 2.5.1
Apache Struts 2.5
Apache Struts 2.3.8
Apache Struts 2.3.7
Apache Struts 2.3.29
Apache Struts 2.3.20
Apache Struts 2.3.16
Apache Struts 2.3.15
Apache Struts 2.3.14
Apache Struts 2.3.12
Not Vulnerable:
Atlassian HipChat Server 2.2.2
Atlassian Crowd 2.11.1
Atlassian Crowd 2.10.3
Atlassian Crowd 2.9.7
Atlassian Bamboo 5.15.3
Atlassian Bamboo 5.14.5
Apache Struts 2.5.10.1
Apache Struts 2.3.32
Exploit
The researcher has created a proof-of-concept to demonstrate the issue. Please see the references for more information.
The following exploit is available:
References:
- Apache Homepage (Apache)
- Struts Homepage (Apache Software Foundation)
- Bamboo Security Advisory 2017-03-10 (Atlassian)
- Bug 1430326 - (CVE-2017-5638) CVE-2017-5638 struts2: RCE when performing file up (Red Hat)
- cisco-sa-20170310-struts2: Apache Struts2 Jakarta Multipart Parser File Upload C (Cisco)
- Crowd Security Advisory 2017-03-10 (Atlassian)
- CVE-2017-5638 - Apache Struts2 S2-045 #8064 (GitHub)
- HipChat Server Security Advisory 2017-03-09 (Atlassian)
- HPESBGN03733 rev.1 - HPE Universal CMDB using Apache Struts, Remote Code Executi (HP)
- huawei-sn-20170313-01-struts2-en: Security Notice - Statement on Remote Code Ex (Huawei)
- Oracle Critical Patch Update Advisory - April 2017 (Oracle)
- S2-045 (Apache)
- swg22000444: Remote Code Execution (RCE) Vulnerability in Apache Struts affects (IBM)
- VMSA-2017-0004: VMware product updates resolve remote code execution vulnerabili (VMware)
- VU#834067: Apache Struts 2 is vulnerable to remote code execution (US-CERT)