We have been made aware of serious vulnerability with Apache struts 2.
The vulnerability summary:
The Jakarta Multipart parser in Apache Struts 2 2.3.x before 2.3.32 and 2.5.x before 2.5.10.1 mishandles file upload, which allows remote attackers to execute arbitrary commands via a #cmd= string in a crafted Content-Type HTTP header, as exploited in the wild in March 2017.
More details at:
CafêX does not use Apache Struts 2 and is not vulnerable to https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5638
If you require further information please contact Customer Support.
Comments
0 comments
Please sign in to leave a comment.