Количество 7
Количество 7
CVE-2017-5638
The Jakarta Multipart parser in Apache Struts 2 2.3.x before 2.3.32 and 2.5.x before 2.5.10.1 has incorrect exception handling and error-message generation during file-upload attempts, which allows remote attackers to execute arbitrary commands via a crafted Content-Type, Content-Disposition, or Content-Length HTTP header, as exploited in the wild in March 2017 with a Content-Type header containing a #cmd= string.
CVE-2017-5638
The Jakarta Multipart parser in Apache Struts 2 2.3.x before 2.3.32 and 2.5.x before 2.5.10.1 has incorrect exception handling and error-message generation during file-upload attempts, which allows remote attackers to execute arbitrary commands via a crafted Content-Type, Content-Disposition, or Content-Length HTTP header, as exploited in the wild in March 2017 with a Content-Type header containing a #cmd= string.
CVE-2017-5638
The Jakarta Multipart parser in Apache Struts 2 2.3.x before 2.3.32 and 2.5.x before 2.5.10.1 has incorrect exception handling and error-message generation during file-upload attempts, which allows remote attackers to execute arbitrary commands via a crafted Content-Type, Content-Disposition, or Content-Length HTTP header, as exploited in the wild in March 2017 with a Content-Type header containing a #cmd= string.
CVE-2017-5638
The Jakarta Multipart parser in Apache Struts 2 2.3.x before 2.3.32 an ...
GHSA-j77q-2qqg-6989
Apache Struts vulnerable to remote arbitrary command execution due to improper input validation
BDU:2017-02060
Уязвимость парсера Jakarta Multipart программной платформы Apache Struts, позволяющая нарушителю выполнить произвольный код
BDU:2017-01273
Уязвимость парсера Jakarta Multipart программной платформы Apache Struts, позволяющая нарушителю выполнить произвольные команды
Уязвимостей на страницу
Уязвимость | CVSS | EPSS | Опубликовано | |
|---|---|---|---|---|
 | CVE-2017-5638 The Jakarta Multipart parser in Apache Struts 2 2.3.x before 2.3.32 and 2.5.x before 2.5.10.1 has incorrect exception handling and error-message generation during file-upload attempts, which allows remote attackers to execute arbitrary commands via a crafted Content-Type, Content-Disposition, or Content-Length HTTP header, as exploited in the wild in March 2017 with a Content-Type header containing a #cmd= string. | CVSS3: 9.8 | 94% Критический | почти 9 лет назад |
 | CVE-2017-5638 The Jakarta Multipart parser in Apache Struts 2 2.3.x before 2.3.32 and 2.5.x before 2.5.10.1 has incorrect exception handling and error-message generation during file-upload attempts, which allows remote attackers to execute arbitrary commands via a crafted Content-Type, Content-Disposition, or Content-Length HTTP header, as exploited in the wild in March 2017 with a Content-Type header containing a #cmd= string. | CVSS3: 9.8 | 94% Критический | почти 9 лет назад |
 | CVE-2017-5638 The Jakarta Multipart parser in Apache Struts 2 2.3.x before 2.3.32 and 2.5.x before 2.5.10.1 has incorrect exception handling and error-message generation during file-upload attempts, which allows remote attackers to execute arbitrary commands via a crafted Content-Type, Content-Disposition, or Content-Length HTTP header, as exploited in the wild in March 2017 with a Content-Type header containing a #cmd= string. | CVSS3: 9.8 | 94% Критический | почти 9 лет назад |
| CVE-2017-5638 The Jakarta Multipart parser in Apache Struts 2 2.3.x before 2.3.32 an ... | CVSS3: 9.8 | 94% Критический | почти 9 лет назад |
| GHSA-j77q-2qqg-6989 Apache Struts vulnerable to remote arbitrary command execution due to improper input validation | CVSS3: 10 | 94% Критический | больше 7 лет назад |
 | BDU:2017-02060 Уязвимость парсера Jakarta Multipart программной платформы Apache Struts, позволяющая нарушителю выполнить произвольный код | CVSS2: 7.6 | 94% Критический | почти 9 лет назад |
| BDU:2017-01273 Уязвимость парсера Jakarta Multipart программной платформы Apache Struts, позволяющая нарушителю выполнить произвольные команды | CVSS2: 10 | 94% Критический | почти 9 лет назад |
Уязвимостей на страницу