Vulnslist

Cisco vulnerabilities by product, model, software, and advisory.

CVE-2017-5638

The Jakarta Multipart parser in Apache Struts 2 2.3.x before 2.3.32 and 2.5.x before 2.5.10.1 has incorrect exception handling and error-message generation during file-upload attempts, which allows remote attackers to execute arbitrary commands via a crafted Content-Type, Content-Disposition, or Content-Length HTTP header, as exploited in the wild in March 2017 with a Content-Type header containing a #cmd= string.

Severity: CRITICAL
CVSS: 9.8
CWE: CWE-755
KEV KEV (added )
Published
Modified

Related Products

| Product | Advisory | Evidence |
| --- | --- | --- |
| Cisco Unity Connection | cisco-sa-20170310-struts2 | Cisco OpenVuln |
| Cisco Unity | cisco-sa-20170310-struts2 | Cisco OpenVuln |
| Cisco Unified SIP Proxy | cisco-sa-20170310-struts2 | Cisco OpenVuln |
| Cisco Unified Intelligence Center | cisco-sa-20170310-struts2 | Cisco OpenVuln |
| Cisco Unified Contact Center Express | cisco-sa-20170310-struts2 | Cisco OpenVuln |
| Cisco Unified Contact Center | cisco-sa-20170310-struts2 | Cisco OpenVuln |
| Cisco SocialMiner | cisco-sa-20170310-struts2 | Cisco OpenVuln |
| Cisco Prime Service Catalog | cisco-sa-20170310-struts2 | Cisco OpenVuln |
| Cisco Prime License Manager | cisco-sa-20170310-struts2 | Cisco OpenVuln |
| Cisco MediaSense | cisco-sa-20170310-struts2 | Cisco OpenVuln |
| Cisco Identity Services Engine Software | cisco-sa-20170310-struts2 | Cisco OpenVuln |
| Cisco Hosted Collaboration Solution | cisco-sa-20170310-struts2 | Cisco OpenVuln |
| Cisco Hosted Collaboration Mediation Fulfillment | cisco-sa-20170310-struts2 | Cisco OpenVuln |
| Cisco Finesse | cisco-sa-20170310-struts2 | Cisco OpenVuln |
| Cisco Emergency Responder | cisco-sa-20170310-struts2 | Cisco OpenVuln |