CVE-2017-5638

GPTKB entity

Statements (28)
Predicate Object
gptkbp:instanceOf gptkb:security
gptkbp:affects gptkb:Apache_Struts_2
gptkbp:describes A vulnerability in the Jakarta Multipart parser of Apache Struts 2 allows remote attackers to execute arbitrary commands via a crafted Content-Type HTTP header.
gptkbp:exploits Yes
gptkbp:hasAffectedVersion gptkb:Apache_Struts_2.3.5_-_2.3.31
gptkbp:hasAffectedVersion gptkb:Apache_Struts_2.5_-_2.5.10
gptkbp:hasAttackVector Remote
gptkbp:hasAuthenticationRequired No
gptkbp:hasCVEID gptkb:CVE-2017-5638
gptkbp:hasCVSSScore 10.0
gptkbp:hasCWE gptkb:CWE-94
gptkbp:hasCWE gptkb:CWE-20
gptkbp:hasExploitInTheWild Yes
gptkbp:hasPatchAvailable Yes
gptkbp:hasPatchVersion gptkb:Apache_Struts_2.3.32
gptkbp:hasPatchVersion gptkb:Apache_Struts_2.5.10.1
gptkbp:hasSeverity Critical
gptkbp:hasVectorString CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
https://www.w3.org/2000/01/rdf-schema#label CVE-2017-5638
gptkbp:influencedBy Arbitrary code execution
gptkbp:influencedBy System compromise
gptkbp:mainVendors gptkb:Apache_Software_Foundation
gptkbp:referencedIn https://nvd.nist.gov/vuln/detail/CVE-2017-5638
gptkbp:referencedIn https://cwiki.apache.org/confluence/display/WW/S2-045
gptkbp:vulnerableTo Remote Code Execution
gptkbp:wasDisclosedOn 2017-03-06
gptkbp:bfsParent gptkb:Apache_Struts
gptkbp:bfsLayer 6