Executive Summary
| Summary | |
|---|---|
| Title | - VMware product updates resolve remote code execution vulnerability via Apache Struts 2 |
| Informations | |||
|---|---|---|---|
| Name | VMSA-2017-0004 | First vendor Publication | 2017-03-13 |
| Vendor | VMware | Last vendor Modification | 2017-03-28 |
| Severity (Vendor) | N/A | Revision | 7 |
Security-Database Scoring CVSS v3
| Cvss vector : N/A | |||
|---|---|---|---|
| Overall CVSS Score | NA | ||
| Base Score | NA | Environmental Score | NA |
| impact SubScore | NA | Temporal Score | NA |
| Exploitabality Sub Score | NA | ||
| Calculate full CVSS 3.0 Vectors scores | |||
Security-Database Scoring CVSS v2
| Cvss vector : (AV:N/AC:L/Au:N/C:C/I:C/A:C) | |||
|---|---|---|---|
| Cvss Base Score | 10 | Attack Range | Network |
| Cvss Impact Score | 10 | Attack Complexity | Low |
| Cvss Expoit Score | 10 | Authentication | None Required |
| Calculate full CVSS 2.0 Vectors scores | |||
Detail
| Remote code execution vulnerability via Apache Struts 2 Multiple VMware products contain a Remote code execution vulnerability due to the use of Apache Struts 2. Successful exploitation of this issue may result in the complete compromise of an affected product. The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the identifier CVE-2017-5638 to this issue. Column 5 of the following table lists the action required to remediate the vulnerability in each release, if a solution is available. |
Original Source
| Url : http://www.vmware.com/security/advisories/VMSA-2017-0004.html |
CWE : Common Weakness Enumeration
| % | Id | Name |
|---|---|---|
| 100 % | CWE-20 | Improper Input Validation |
CPE : Common Platform Enumeration
SAINT Exploits
| Description | Link |
|---|---|
| Apache Struts 2 Jakarta Multipart Parser file upload command execution | More info here |
Snort® IPS/IDS
| Date | Description |
|---|---|
| 2019-04-11 | Apache Struts remote code execution attempt RuleID : 49377 - Revision : 1 - Type : SERVER-APACHE |
| 2019-04-11 | Apache Struts remote code execution attempt RuleID : 49376 - Revision : 2 - Type : SERVER-APACHE |
| 2017-04-12 | Apache Struts remote code execution attempt RuleID : 41923 - Revision : 4 - Type : SERVER-APACHE |
| 2017-04-12 | Apache Struts remote code execution attempt RuleID : 41922 - Revision : 4 - Type : SERVER-APACHE |
| 2017-04-12 | Apache Struts remote code execution attempt RuleID : 41819 - Revision : 3 - Type : SERVER-APACHE |
| 2017-04-12 | Apache Struts remote code execution attempt RuleID : 41818 - Revision : 4 - Type : SERVER-APACHE |
Nessus® Vulnerability Scanner
| Date | Description |
|---|---|
| 2017-07-19 | Name : An application server installed on the remote host is affected by multiple vu... File : oracle_weblogic_server_cpu_jul_2017.nasl - Type : ACT_GATHER_INFO |
| 2017-04-21 | Name : A web application running on the remote host is affected by multiple vulnerab... File : mysql_enterprise_monitor_3_3_3_1199.nasl - Type : ACT_GATHER_INFO |
| 2017-04-21 | Name : An application server installed on the remote host is affected by multiple vu... File : oracle_weblogic_server_cpu_apr_2017.nasl - Type : ACT_GATHER_INFO |
| 2017-03-08 | Name : The remote web server contains a web application that uses a Java framework t... File : struts_2_5_10_1_rce.nasl - Type : ACT_ATTACK |
| 2017-03-07 | Name : The remote host contains a web application that uses a Java framework that is... File : struts_2_5_10_1_win_local.nasl - Type : ACT_GATHER_INFO |
| 2017-01-16 | Name : The remote OracleVM host is missing one or more security updates. File : oraclevm_OVMSA-2017-0004.nasl - Type : ACT_GATHER_INFO |
Alert History
| Date | Informations |
|---|---|
| 2017-03-28 21:21:58 |
|
| 2017-03-23 21:22:32 |
|
| 2017-03-16 21:23:00 |
|
| 2017-03-16 00:19:21 |
|
| 2017-03-15 05:22:47 |
|
| 2017-03-15 00:23:17 |
|
| 2017-03-14 17:28:14 |
|
| 2017-03-14 05:23:35 |
|
