[prev in list] [next in list] [prev in thread] [next in thread]
List: cisco-nsp
Subject: [c-nsp] Cisco Security Advisory: Apache Struts2 Jakarta Multipart Parser File Upload Code Execution
From: psirt () cisco ! com
Date: 2017-03-10 20:50:28
Message-ID: 201703102050.8.struts2
[Download RAW message or body]
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
Cisco Security Advisory: Apache Struts2 Jakarta Multipart Parser File Upload Code \
Execution Vulnerability Affecting Cisco Products
Advisory ID: cisco-sa-20170310-struts2
Revision: 1.0
For Public Release: 2017 March 10 19:30 GMT
Last Updated: 2017 March 10 19:30 GMT
CVE ID(s): CVE-2017-5638
+---------------------------------------------------------------------
Summary
=======
On March 6, 2017, Apache disclosed a vulnerability in the Jakarta multipart parser \
used in Apache Struts2 that could allow an attacker to execute commands remotely on \
the targeted system using a crafted Content-Type header value.
This vulnerability has been assigned CVE-ID CVE-2017-5638.
This advisory is available at the following link:
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170310-struts2 \
["https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170310-struts2"]
-----BEGIN PGP SIGNATURE-----
iQKBBAEBAgBrBQJYwxGDZBxDaXNjbyBTeXN0ZW1zIFByb2R1Y3QgU2VjdXJpdHkg
SW5jaWRlbnQgUmVzcG9uc2UgVGVhbSAoQ2lzY28gUFNJUlQga2V5IDIwMTYtMjAx
NykgPHBzaXJ0QGNpc2NvLmNvbT4ACgkQrz2APcQAkHkx0BAAxUbK2UurvyUPn5U/
0JA4/3kfFG+eE1/0/QLoCy4uYnnauEzl0LlSRg12pxL008aNdHbExjtmhbOhz5Yp
yqjcVHY8V+obVTbWANVTC5g7h4mcNYFKIWTio+x9YefHAqUPxmoU6aVlTYejrcl3
C2Z+Oa/Ogjd1ewKfLCZnxZoT7OmovvBPNyQ0kunWxV6O2ERev5XtqbCtGBO7y4ud
tPjfTY48ABI3ngGE8LoBslcE8h5b/zfNzclxrmOPlhU0ZZC0KqMBnJ0W6TUW/ZHz
Z6Q9suBEBEImSRe6kkIqozf8QA7PxIiYRaCJIR+zUgr7uS9BFJEXTxv3yKCpzKI1
Hn30cur9MUjkcrNnthpwqSryDbGb9LkDts8DjkrIaFiI7PIR/FR8/mWOSy1Ay13B
Z93P3ac4jw+UEV+182g2Tnhfp5vdYGFYem9Yg4MFDFDo2J56ek1qSeofsx4cbMM6
MU+bF4bdBILXlHrKUyX5udqysps3WLOLmau8TGCy21yFGp06t4+YtXsi1kvXUjhw
FN0lUf8Xv7hRDFQu466eO1f17A4CblzGJ3ONqB+gqqajtMTFMejmfY7mI1EwrU0/
obxYmb7n3xnzfgOKhIri1v5AIB+B1zHhmjUzXN5rrU8leUHwomKHwFMpPWcMjt2t
CtxPnOmQiA7rZMER7dsJ5dRscSE=
=d5QJ
-----END PGP SIGNATURE-----
_______________________________________________
cisco-nsp mailing list cisco-nsp@puck.nether.net
https://puck.nether.net/mailman/listinfo/cisco-nsp
archive at http://puck.nether.net/pipermail/cisco-nsp/
[prev in list] [next in list] [prev in thread] [next in thread]
Configure |
About |
News |
Add a list |
Sponsored by KoreLogic