Apache Struts Jakarta Multipart Parser Remote Code Execution Vulnerability

Apache issued an emergency security alert as, Apache Struts was exposed to a high-risk remote command execution vulnerability, tracked as CVE-2017-5638. Public exploits are readily available. Struts is an open source project of the Apache Foundation Jakarta project team, which uses MVC mode to help Java developers use J2EE to develop Web applications. At present, Struts is widely used in large-scale Internet companies, government, financial institutions and other sites, and as the development of the underlying template to use.

Affected Versions

  • Apache Struts 2.3.5 – 2.3.31
  • Apache Struts 2.5 – 2.5.10

Recommended Course of Action

Upgrade to Struts 2.3.32 or Struts

More Information

  • https://blog.qualys.com/laws-of-vulnerabilities/2017/03/08/apache-struts-jakarta-multipart-parser-remote-code-execution
  • https://cwiki.apache.org/confluence/display/WW/S2-045


Member of

logo apcertfirst logo-2

Collaborated with

apwg2ICTA logo2ack cymru

Our Partners