A severe vulnerability has been detected in the Apache Struts 2 framework and is being actively exploited in the wild. On vulnerable platforms, remote malicious code can be executed on the server, potentially disabling server-based firewalls and deploying other types of malware and code.
Severity
Critical
CVE Number
CVE-2017-5638
Impacted Platforms
- Apache Struts 2.3.5 through 2.3.31
- Apache Struts 2.5 through 2.5.10
Recommended actions
- Please patch as soon as possible
- For self-diagnosis, please complete the script below:
https://threatprotect.qualys.com/2017/03/08/apache-struts-jakarta-multipart-parser-remote-code-execution-vulnerability/?_ga=1.174695586.1869652878.1489020308
- Contact security@ubc.ca about performing a credentialed Nessus scan
- Regularly check Apache Struts Security Bulletins (https://cwiki.apache.org/confluence/display/WW/Security+Bulletins)
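To help prioritise patching, the following added example (not part of this advisory or of the linked Qualys script) inventories a server's file system for Struts 2 core libraries and flags any whose version falls in the impacted ranges listed above. It assumes the library keeps its standard `struts2-core-<version>.jar` file name, whether unpacked or bundled inside a WAR/EAR; renamed or repackaged copies will not be found.

```python
import io
import re
import sys
import zipfile
from pathlib import Path

# Affected ranges exactly as listed in the advisory (inclusive).
AFFECTED = [((2, 3, 5), (2, 3, 31)), ((2, 5), (2, 5, 10))]
JAR_RE = re.compile(r"struts2-core-(\d+(?:\.\d+)*)[^/]*\.jar$")

def is_affected(version):
    # Tuple comparison keeps a four-part version such as 2.5.10.1 above 2.5.10.
    v = tuple(int(p) for p in version.split("."))
    return any(lo <= v <= hi for lo, hi in AFFECTED)

def jar_version(name):
    """Version embedded in a struts2-core jar file name, or None."""
    m = JAR_RE.search(name)
    return m.group(1) if m else None

def scan_archive(data, label, depth=0):
    """Yield (location, version) for struts2-core jars bundled in a WAR/EAR."""
    try:
        with zipfile.ZipFile(io.BytesIO(data)) as zf:
            for entry in zf.namelist():
                version = jar_version(entry)
                if version:
                    yield f"{label}!{entry}", version
                elif depth < 2 and entry.lower().endswith((".war", ".ear")):
                    yield from scan_archive(zf.read(entry), f"{label}!{entry}", depth + 1)
    except zipfile.BadZipFile:
        return  # not a readable archive; skip it

def scan_tree(root):
    """Return [(location, version, affected)] for every copy found under root."""
    found = []
    for path in Path(root).rglob("*"):
        if not path.is_file():
            continue
        if jar_version(path.name):
            found.append((str(path), jar_version(path.name)))
        elif path.suffix.lower() in (".war", ".ear"):
            found.extend(scan_archive(path.read_bytes(), str(path)))
    return [(loc, ver, is_affected(ver)) for loc, ver in found]

if __name__ == "__main__":
    for loc, ver, bad in scan_tree(sys.argv[1] if len(sys.argv) > 1 else "."):
        print(f"{'AFFECTED' if bad else 'ok':<9}{ver:<10}{loc}")
```

Run it against the application server's deployment directory; a clean result from a file-name check does not replace the credentialed scan.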
More information