CVE-2017-5638

CVSS 9.8 CRITICAL | EPSS 100.0% | KEV | CWE-755

In summary

Apache Struts 2 has a flaw in its file-upload processing that lets attackers execute malicious commands on a server through specially crafted HTTP headers. This is a critical vulnerability that has been exploited in real attacks.

Technical detail

The Jakarta Multipart parser in Apache Struts 2 (versions 2.3.x before 2.3.32 and 2.5.x before 2.5.10.1) handles exceptions incorrectly while processing multipart data, allowing remote code execution through OGNL injection via malicious HTTP headers such as Content-Type, Content-Disposition or Content-Length. The vulnerability requires only network access to an endpoint of the affected application, with no authentication, and results in arbitrary command execution.

Summary generated and translated by AI from the official description.
The Jakarta Multipart parser in Apache Struts 2 2.3.x before 2.3.32 and 2.5.x before 2.5.10.1 has incorrect exception handling and error-message generation during file-upload attempts, which allows remote attackers to execute arbitrary commands via a crafted Content-Type, Content-Disposition, or Content-Length HTTP header, as exploited in the wild in March 2017 with a Content-Type header containing a #cmd= string.
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
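The two facts a defender needs from the description above are the affected version ranges (2.3.x before 2.3.32, 2.5.x before 2.5.10.1) and the fact that the OGNL expression arrives in the Content-Type, Content-Disposition or Content-Length header rather than in the body. The script below is an added example written for this page; it is not code from the page's PoC list or from the Apache Struts project. It checks a Struts jar name against the fixed versions stated above and scans request headers for the shape of the abuse: an OGNL expression marker (`%{` or `${`, which is OGNL/Struts expression syntax assumed from general knowledge, plus the `#cmd=` string named in the official description), a Content-Type that is not a well-formed media type, or a Content-Length that is not a plain decimal. The sample requests are constructed for the example, not captured traffic.

```python
"""Defensive triage helpers for CVE-2017-5638 (Apache Struts 2 Jakarta Multipart parser).

Added example for this advisory page; not code from the page or the Struts project.
"""
import re
from typing import Dict, List, Tuple

# Fixed versions as stated in the advisory: 2.3.x before 2.3.32 and 2.5.x before 2.5.10.1.
FIXED_2_3 = (2, 3, 32)
FIXED_2_5 = (2, 5, 10, 1)

# OGNL expression markers. "%{" and "${" are Struts/OGNL expression syntax (general
# knowledge, assumed here); "#cmd=" is the string named in the official description.
OGNL_MARKERS = re.compile(r"%\{|\$\{|#cmd=", re.IGNORECASE)

# A legitimate Content-Type starts with type/subtype, optionally followed by parameters.
# '%', '{', '}' are deliberately excluded so an expression can never pass as a media type.
MEDIA_TYPE = re.compile(r"^[A-Za-z0-9!#$&^_.+-]+/[A-Za-z0-9!#$&^_.+-]+(\s*;.*)?$", re.DOTALL)

# The three headers the advisory names as injection points.
WATCHED_HEADERS = ("content-type", "content-disposition", "content-length")


def parse_version(text: str) -> Tuple[int, ...]:
    """Pull a dotted version out of a string such as 'struts2-core-2.3.31.jar'."""
    match = re.search(r"(\d+(?:\.\d+)+)", text)
    if not match:
        raise ValueError(f"no dotted version number in {text!r}")
    return tuple(int(part) for part in match.group(1).split("."))


def is_affected_version(text: str) -> bool:
    """True when the version falls inside one of the two affected ranges."""
    version = parse_version(text)
    if version[:2] == (2, 3):
        return version < FIXED_2_3
    if version[:2] == (2, 5):
        return version < FIXED_2_5
    return False


def suspicious_headers(headers: Dict[str, str]) -> List[str]:
    """Return one finding per header property that matches the abuse pattern."""
    findings: List[str] = []
    for name, value in headers.items():
        lname = name.lower()
        if lname not in WATCHED_HEADERS:
            continue
        if OGNL_MARKERS.search(value):
            findings.append(f"{name}: OGNL expression marker present")
        if lname == "content-type" and not MEDIA_TYPE.match(value.strip()):
            findings.append(f"{name}: value is not a well-formed media type")
        if lname == "content-length" and not value.strip().isdigit():
            findings.append(f"{name}: value is not a plain decimal length")
    return findings


# Constructed sample requests (not captured traffic): two benign, two shaped like the abuse.
SAMPLE_REQUESTS = [
    {"id": "benign-upload",
     "headers": {"Content-Type": "multipart/form-data; boundary=----constructedBoundary42",
                 "Content-Length": "8192"}},
    {"id": "benign-json",
     "headers": {"Content-Type": "application/json", "Content-Length": "57"}},
    {"id": "ognl-in-content-type",
     "headers": {"Content-Type": "%{#cmd='constructed-test-marker'}", "Content-Length": "0"}},
    {"id": "ognl-in-disposition",
     "headers": {"Content-Type": "multipart/form-data; boundary=xyz",
                 "Content-Disposition": 'form-data; name="${constructed}"',
                 "Content-Length": "12"}},
]


def triage(requests) -> Dict[str, List[str]]:
    """Map request id -> findings, keeping only requests that produced findings."""
    result: Dict[str, List[str]] = {}
    for request in requests:
        findings = suspicious_headers(request["headers"])
        if findings:
            result[request["id"]] = findings
    return result


if __name__ == "__main__":
    for jar in ("struts2-core-2.3.31.jar", "struts2-core-2.3.32.jar", "struts2-core-2.5.10.jar"):
        print(f"{jar}: {'AFFECTED' if is_affected_version(jar) else 'not affected'}")
    for request_id, findings in triage(SAMPLE_REQUESTS).items():
        print(request_id)
        for finding in findings:
            print("  -", finding)
```

The structural check matters as much as the marker check: the bug is in how the parser builds its error message, so any header value the parser rejects as a malformed media type is a candidate, whether or not it contains a pattern you already know. The version check is the remediation check in code form: anything the function reports as affected should be upgraded to 2.3.32 or 2.5.10.1 or later, as the description states.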
Public PoCs found: 89

github  github.com/mazen160/struts-pwn  443
github  github.com/Flyteas/Struts2-045-Exp  61
github  github.com/immunio/apache-struts2-CVE-2017-5638  35
github  github.com/jas502n/S2-045-EXP-POC-TOOLS  25
github  github.com/PolarisLab/S2-045  24
github  github.com/jas502n/st2-046-poc  21
github  github.com/xsscx/cve-2017-5638  21
github  github.com/ret2jazzy/Struts-Apache-ExploitPack  16
github  github.com/win3zz/CVE-2017-5638  16
github  github.com/jrrdev/cve-2017-5638  14
github  github.com/sUbc0ol/Apache-Struts2-RCE-Exploit-v2-CVE-2017-5638  13
github  github.com/Iletee/struts2-rce  11
github  github.com/tahmed11/strutsy  10
github  github.com/initconf/CVE-2017-5638_struts  8
github  github.com/payatu/CVE-2017-5638  8
github  github.com/0x00-0x00/CVE-2017-5638  6
github  github.com/R4v3nBl4ck/Apache-Struts-2-CVE-2017-5638-Exploit-  3
github  github.com/falcon-lnhg/StrutsShell  3
github  github.com/Nithylesh/web-application-firewall-  3
github  github.com/iampetru/PoC-CVE-2017-5638  3
github  github.com/opt9/Strutscli  2
github  github.com/aljazceru/CVE-2017-5638-Apache-Struts2  2
github  github.com/Greynad/struts2-jakarta-inject  2
github  github.com/andypitcher/check_struts  2
github  github.com/lolwaleet/ExpStruts  2
github  github.com/opt9/Strutshock  2
github  github.com/Kouf320/docker-lab-cve-2017-5638-cve-2021-41773  2
github  github.com/jpacora/Struts2Shell  1
github  github.com/Masahiro-Yamada/OgnlContentTypeRejectorValve  1
github  github.com/oktavianto/CVE-2017-5638-Apache-Struts2  1
github  github.com/KarzsGHR/S2-046_S2-045_POC  1
github  github.com/riyazwalikar/struts-rce-cve-2017-5638  1
github  github.com/sighup1/cybersecurity-struts2  1
github  github.com/m3ssap0/struts2_cve-2017-5638  1
github  github.com/ggolawski/struts-rce  1
github  github.com/un4ckn0wl3z/CVE-2017-5638  1
github  github.com/ludy-dev/XworkStruts-RCE  1
github  github.com/jongmartinez/CVE-2017-5638  1
github  github.com/jptr218/struts_hack  1
github  github.com/kloutkake/CVE-2017-5638-PoC  1
github  github.com/haxerr9/CVE-2017-5638  1
github  github.com/ACharaf06/CVE-2017-5638-Attack-and-Defense  1
github  github.com/Xhendos/CVE-2017-5638  0
github  github.com/invisiblethreat/strutser  0
github  github.com/c002/Apache-Struts  0
github  github.com/donaldashdown/Common-Vulnerability-and-Exploit  0
github  github.com/MuhammadAbdullah192/CVE-2017-5638-Remote-Code-Execution-Apache-Struts2-EXPLOITATION  0
github  github.com/cafnet/apache-struts-v2-CVE-2017-5638  0
github  github.com/jrrombaldo/CVE-2017-5638  0
github  github.com/kaylertee/Computer-Security-Equifax-2017  0
github  github.com/sjitech/test_struts2_vulnerability_CVE-2017-5638  0
github  github.com/FozilCV/Apache-Struts2-CVE-2017-5638  0
github  github.com/btamburi/strutszeiro  0
github  github.com/leandrocamposcardoso/CVE-2017-5638-Mass-Exploit  0
github  github.com/bongbongco/cve-2017-5638  0
github  github.com/eeehit/CVE-2017-5638  0
github  github.com/sUbc0ol/Apache-Struts-CVE-2017-5638-RCE-Mass-Scanner  0
github  github.com/gsfish/S2-Reaper  0
github  github.com/random-robbie/CVE-2017-5638  0
github  github.com/TamiiLambrado/Apache-Struts-CVE-2017-5638-RCE-Mass-Scanner  0
github  github.com/colorblindpentester/CVE-2017-5638  0
github  github.com/injcristianrojas/cve-2017-5638  0
github  github.com/soufiane-benchahyd/vulhub-struts2  0
github  github.com/sonatype-workshops/struts2-rce  0
github  github.com/AIPEACS/SC3010-Computer-Security  0
github  github.com/Badbird3/CVE-2017-5638  0
github  github.com/testpilot031/vulnerability_struts-2.3.31  0
github  github.com/readloud/CVE-2017-5638  0
github  github.com/Tankirat/CVE-2017-5638  0
github  github.com/mfdev-solution/Exploit-CVE-2017-5638  0
github  github.com/mritunjay-k/CVE-2017-5638  0
github  github.com/FredBrave/CVE-2017-5638-ApacheStruts2.3.5  0
github  github.com/Majaktech/apache-struts-cve-2017-5638-project  0
github  github.com/Xernary/CVE-2017-5638-POC  0
github  github.com/timothyjxhn/DeliberatelyVulnerableWebApp  0
github  github.com/toothbrushsoapflannelbiscuits/cve-2017-5638  0
github  github.com/Dungsocool/CVE-2017-5638  0
github  github.com/QHxDr-dz/CVE-2017-5638  0
github  github.com/joidiego/Detection-struts-cve-2017-5638-detector  0
github  github.com/Aasron/Struts2-045-Exp  0
github  github.com/SpiderMate/Stutsfi  0
github  github.com/mcassano/cve-2017-5638  0
github  github.com/smancke/CVE-2017-5638  0
github  github.com/homjxi0e/CVE-2017-5638  0
cve_reference  www.exploit-db.com/exploits/41614/  unverified
exploitdb  www.exploit-db.com/exploits/41570  unverified
exploitdb  www.exploit-db.com/exploits/41614  unverified
cve_reference  packetstormsecurity.com/files/141494/S2-45-poc.py.txt  unverified
cve_reference  exploit-db.com/exploits/41570  unverified
⚠ Public resources, for assessing the exposure of systems you control or are authorized to test. Test only with authorization.

Want to know whether your infrastructure is exposed to this?

Talk to TrueHacking →