Apache Struts2 Jakarta Multipart Parser File Upload Code Execution Vulnerability Affecting Cisco Products

cisco-sa-20170310-struts2 · Critical · Published · Updated

On March 6, 2017, Apache disclosed a vulnerability in the Jakarta Multipart parser used in Apache Struts2 that could allow an attacker to execute commands remotely on a targeted system by using a crafted Content-Type, Content-Disposition, or Content-Length value. This vulnerability has been assigned CVE-ID CVE-2017-5638. This advisory is available at the following link: https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170310-struts2

Workarounds

Any workarounds, if available, are documented in the Cisco bugs, which are accessible through the Cisco Bug Search Tool (https://bst.cloudapps.cisco.com/bugsearch/bug/BUGID).

CVEs: CVE-2017-5638

Cisco Bug IDs: CSCvd49788, CSCvd49817, CSCvd49829, CSCvd49841, CSCvd51283, CSCvd51442, CSCvd51443, CSCvd56191, CSCvd56593, CSCvd63318, CSCvd63322, CSCvd63325, CSCvd63328

CVSS Score: Base NA

Product Names From Source: Cisco Emergency Responder, Cisco Unity Connection, Cisco Unified Contact Center Express, Cisco Identity Services Engine Software, Cisco Hosted Collaboration Solution, Cisco Finesse, Cisco SocialMiner, Cisco MediaSense, Cisco Unified SIP Proxy, Cisco Unified Intelligence Center, Cisco Prime Service Catalog, Cisco Prime License Manager, Cisco Hosted Collaboration Mediation Fulfillment

Related Products

| Product | CVE | Evidence |
| --- | --- | --- |
| Cisco Unity Connection | CVE-2017-5638 | Cisco OpenVuln |
| Cisco Unity | CVE-2017-5638 | Cisco OpenVuln |
| Cisco Unified SIP Proxy | CVE-2017-5638 | Cisco OpenVuln |
| Cisco Unified Intelligence Center | CVE-2017-5638 | Cisco OpenVuln |
| Cisco Unified Contact Center Express | CVE-2017-5638 | Cisco OpenVuln |
| Cisco Unified Contact Center | CVE-2017-5638 | Cisco OpenVuln |
| Cisco SocialMiner | CVE-2017-5638 | Cisco OpenVuln |
| Cisco Prime Service Catalog | CVE-2017-5638 | Cisco OpenVuln |
| Cisco Prime License Manager | CVE-2017-5638 | Cisco OpenVuln |
| Cisco MediaSense | CVE-2017-5638 | Cisco OpenVuln |
| Cisco Identity Services Engine Software | CVE-2017-5638 | Cisco OpenVuln |
| Cisco Hosted Collaboration Solution | CVE-2017-5638 | Cisco OpenVuln |
| Cisco Hosted Collaboration Mediation Fulfillment | CVE-2017-5638 | Cisco OpenVuln |
| Cisco Finesse | CVE-2017-5638 | Cisco OpenVuln |
| Cisco Emergency Responder | CVE-2017-5638 | Cisco OpenVuln |