gptkbp:instanceOf
|
gptkb:security
|
gptkbp:affects
|
gptkb:Apache_Struts_2
|
gptkbp:describes
|
A vulnerability in the Jakarta Multipart parser of Apache Struts 2 allows remote attackers to execute arbitrary commands via a crafted Content-Type HTTP header.
|
gptkbp:exploits
|
Yes
|
gptkbp:hasAffectedVersion
|
gptkb:Apache_Struts_2.3.5_-_2.3.31
gptkb:Apache_Struts_2.5_-_2.5.10
|
gptkbp:hasAttackVector
|
Remote
|
gptkbp:hasAuthenticationRequired
|
No
|
gptkbp:hasCVEID
|
gptkb:CVE-2017-5638
|
gptkbp:hasCVSSScore
|
10.0
|
gptkbp:hasCWE
|
gptkb:CWE-94
gptkb:CWE-20
|
gptkbp:hasExploitInTheWild
|
Yes
|
gptkbp:hasPatchAvailable
|
Yes
|
gptkbp:hasPatchVersion
|
gptkb:Apache_Struts_2.3.32
gptkb:Apache_Struts_2.5.10.1
|
gptkbp:hasSeverity
|
Critical
|
gptkbp:hasVectorString
|
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
|
https://www.w3.org/2000/01/rdf-schema#label
|
CVE-2017-5638
|
gptkbp:influencedBy
|
Arbitrary code execution
System compromise
|
gptkbp:mainVendors
|
gptkb:Apache_Software_Foundation
|
gptkbp:referencedIn
|
https://nvd.nist.gov/vuln/detail/CVE-2017-5638
https://cwiki.apache.org/confluence/display/WW/S2-045
|
gptkbp:vulnerableTo
|
Remote Code Execution
|
gptkbp:wasDisclosedOn
|
2017-03-06
|
gptkbp:bfsParent
|
gptkb:Apache_Struts
|
gptkbp:bfsLayer
|
6
|