Apache Struts CVE-2017-5638 Input Validation Bypass Vulnerability

Description

It is possible to perform an RCE attack with a malicious Content-Disposition value or with an improper Content-Length header. If the Content-Disposition/Content-Length value is not valid, an exception is thrown, which is then used to display an error message to a user. This is a different vector for the same vulnerability described in S2-045 (CVE-2017-5638).

Affected Applications

Apache Struts

CVE References

CVE-2017-5638