[c-nsp] Cisco Security Advisory: Apache Struts2 Jakarta Multipart Parser File Upload Code Execution Vulnerability Affecting Cisco Products

psirt at cisco.com
Fri Mar 10 15:50:28 EST 2017


Cisco Security Advisory: Apache Struts2 Jakarta Multipart Parser File Upload Code Execution Vulnerability Affecting Cisco Products

Advisory ID: cisco-sa-20170310-struts2

Revision: 1.0

For Public Release: 2017 March 10 19:30 GMT

Last Updated: 2017 March 10 19:30 GMT

CVE ID(s): CVE-2017-5638

+---------------------------------------------------------------------

Summary
=======
On March 6, 2017, Apache disclosed a vulnerability in the Jakarta multipart parser used in Apache Struts2 that could allow an attacker to execute commands remotely on the targeted system using a crafted Content-Type header value.

This vulnerability has been assigned CVE-ID CVE-2017-5638.

This advisory is available at the following link:
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170310-struts2

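Added example, not part of the Cisco advisory: a log-triage check for the crafted Content-Type header value described in the Summary. It flags values that break the RFC 7231 media-type grammar or carry expression delimiters, which public reports of CVE-2017-5638 exploitation showed in this header. The JSON-lines record layout, field names, addresses and the 256-byte limit are assumptions, and the sample records are constructed.

```python
import json
import re

# RFC 7231 media-type grammar: type "/" subtype *( OWS ";" OWS name=value )
_TOKEN = r"[!#$%&'*+.^_`|~0-9A-Za-z-]+"
_PARAM = rf'{_TOKEN}=(?:{_TOKEN}|"(?:[^"\\]|\\.)*")'
MEDIA_TYPE = re.compile(rf"^{_TOKEN}/{_TOKEN}(?:[ \t]*;[ \t]*{_PARAM})*[ \t]*$")
# "%{" and "${" open an expression; a genuine media type never needs them.
EXPR_MARKER = re.compile(r"[%$]\{")
MAX_LEN = 256  # assumed ceiling, tune to your own traffic


def classify(value: str) -> str:
    """Return 'ok', 'malformed' or 'expression-marker' for a Content-Type value."""
    if EXPR_MARKER.search(value):
        # Checked first: a quoted parameter can be grammatical and still carry one.
        return "expression-marker"
    if len(value) > MAX_LEN or not MEDIA_TYPE.match(value):
        return "malformed"
    return "ok"


def scan(lines):
    """Return (src, path, verdict) for each record whose Content-Type is not ok."""
    hits = []
    for line in lines:
        rec = json.loads(line)
        ctype = rec.get("content_type")
        if ctype is None:
            continue  # request carried no body
        verdict = classify(ctype)
        if verdict != "ok":
            hits.append((rec["src"], rec["path"], verdict))
    return hits


# Constructed sample records in an assumed proxy log layout.
SAMPLE = [json.dumps(r) for r in [
    {"src": "192.0.2.10", "path": "/upload.action",
     "content_type": "multipart/form-data; boundary=----abc123"},
    {"src": "192.0.2.11", "path": "/login.action",
     "content_type": "application/x-www-form-urlencoded"},
    {"src": "198.51.100.7", "path": "/upload.action",
     "content_type": "%{1+1}.multipart/form-data"},
    {"src": "198.51.100.8", "path": "/upload.action",
     "content_type": 'multipart/form-data; boundary="${x}"'},
    {"src": "203.0.113.5", "path": "/api",
     "content_type": "text/plain charset=utf-8"},
]]

if __name__ == "__main__":
    for hit in scan(SAMPLE):
        print(*hit, sep="\t")
```

A hit only shows that a suspicious request was received; whether the target was vulnerable depends on the Struts2 version deployed behind that path.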



