Executive Summary
| Summary | |
|---|---|
| Title | Apache Struts2 Jakarta Multipart Parser File Upload Code Execution Vulnerability Affecting Cisco Products |
| Informations | |||
|---|---|---|---|
| Name | cisco-sa-20170310-struts2 | First vendor Publication | 2017-03-10 |
| Vendor | Cisco | Last vendor Modification | 2017-03-10 |
| Severity (Vendor) | N/A | Revision | N/A |
Security-Database Scoring CVSS v3
| Cvss vector : N/A | |||
|---|---|---|---|
| Overall CVSS Score | NA | ||
| Base Score | NA | Environmental Score | NA |
| impact SubScore | NA | Temporal Score | NA |
| Exploitabality Sub Score | NA | ||
| Calculate full CVSS 3.0 Vectors scores | |||
Security-Database Scoring CVSS v2
| Cvss vector : | |||
|---|---|---|---|
| Cvss Base Score | N/A | Attack Range | N/A |
| Cvss Impact Score | N/A | Attack Complexity | N/A |
| Cvss Expoit Score | N/A | Authentication | N/A |
| Calculate full CVSS 2.0 Vectors scores | |||
Detail
| On March 6, 2017, Apache disclosed a vulnerability in the Jakarta multipart parser used in Apache Struts2 that could allow an attacker to execute commands remotely on the targeted system using a crafted Content-Type header value. This vulnerability has been assigned CVE-ID CVE-2017-5638. This advisory is available at the following link: https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170310-struts2 ["https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170310-struts2"] BEGIN PGP SIGNATURE iQKBBAEBAgBrBQJYwxGDZBxDaXNjbyBTeXN0ZW1zIFByb2R1Y3QgU2VjdXJpdHkg SW5jaWRlbnQgUmVzcG9uc2UgVGVhbSAoQ2lzY28gUFNJUlQga2V5IDIwMTYtMjAx NykgPHBzaXJ0QGNpc2NvLmNvbT4ACgkQrz2APcQAkHkx0BAAxUbK2UurvyUPn5U/ 0JA4/3kfFG+eE1/0/QLoCy4uYnnauEzl0LlSRg12pxL008aNdHbExjtmhbOhz5Yp yqjcVHY8V+obVTbWANVTC5g7h4mcNYFKIWTio+x9YefHAqUPxmoU6aVlTYejrcl3 C2Z+Oa/Ogjd1ewKfLCZnxZoT7OmovvBPNyQ0kunWxV6O2ERev5XtqbCtGBO7y4ud tPjfTY48ABI3ngGE8LoBslcE8h5b/zfNzclxrmOPlhU0ZZC0KqMBnJ0W6TUW/ZHz Z6Q9suBEBEImSRe6kkIqozf8QA7PxIiYRaCJIR+zUgr7uS9BFJEXTxv3yKCpzKI1 Hn30cur9MUjkcrNnthpwqSryDbGb9LkDts8DjkrIaFiI7PIR/FR8/mWOSy1Ay13B Z93P3ac4jw+UEV+182g2Tnhfp5vdYGFYem9Yg4MFDFDo2J56ek1qSeofsx4cbMM6 MU+bF4bdBILXlHrKUyX5udqysps3WLOLmau8TGCy21yFGp06t4+YtXsi1kvXUjhw FN0lUf8Xv7hRDFQu466eO1f17A4CblzGJ3ONqB+gqqajtMTFMejmfY7mI1EwrU0/ obxYmb7n3xnzfgOKhIri1v5AIB+B1zHhmjUzXN5rrU8leUHwomKHwFMpPWcMjt2t CtxPnOmQiA7rZMER7dsJ5dRscSE= =d5QJ END PGP SIGNATURE _______________________________________________ cust-security-announce mailing list cust-security-announce@cisco.com To unsubscribe, send the command "unsubscribe" in the subject of your message to cust-security-announce-leave@cisco.com |
Original Source
| Url : http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco (...) |
Alert History
| Date | Informations |
|---|---|
| 2017-03-11 00:22:33 |
|
