In addition to Weibo, there is also WeChat
Please pay attention
WeChat public account
Shulou
2025-04-01 Update From: SLTechnology News&Howtos shulou NAV: SLTechnology News&Howtos > Network Security >
Share
Shulou(Shulou.com)06/01 Report--
So this morning, a vulnerability called str2-045has become the focus of discussion, so what on earth is this str2-045s?
The full name of this vulnerability is called: Struts remote code execution vulnerability based on Jakarta plugin plug-in. According to the official evaluation, this vulnerability is a high-risk vulnerability, his vulnerability number is: CVE-2017-5638
So what is this loophole all about?
A malicious user can trigger this vulnerability when uploading a file by modifying the Content-Type value in the HTTP request header to execute system commands.
The exploitation of this loophole is conditional! This vulnerability needs to be remotely exploited to execute code through Jakarta file upload plug-ins.
1. File upload function based on Jakarta (Jakarta Multipart parser) plug-in
two。 The malicious person carefully constructs the value of Content-Type.
This vulnerability mainly appears in the versions of Struts 2.3.5-Struts 2.3.31 Struts 2.5-Struts 2.5.10
Vulnerability description:
Apache Struts 2 has been exposed to exist a remote command execution vulnerability, vulnerability number S2-045CVE number CVE-2017-5638, when using the file upload function based on the Jakarta plug-in, there may be remote command execution, resulting in the system being *.
Vulnerability number:
CVE-2017-5638
Vulnerability name:
Struts remote Code execution vulnerability based on Jakarta plugin plug-in
Official rating:
High risk
Vulnerability description:
A malicious user can trigger this vulnerability when uploading a file by modifying the Content-Type value in the HTTP request header to execute system commands.
Exploit conditions and methods:
* * this vulnerability is remotely exploited to execute code through the Jakarta file upload plug-in.
1. File upload function based on Jakarta (Jakarta Multipart parser) plug-in
two。 The malicious person carefully constructs the value of Content-Type.
Scope of vulnerability impact:
Struts 2.3.5-Struts 2.3.31
Struts 2.5-Struts 2.5.10
Created by Lukasz Lenart, last modified yesterday at 01:14 PM
Welcome to subscribe "Shulou Technology Information " to get latest news, interesting things and hot topics in the IT industry, and controls the hottest and latest Internet news, technology news and IT industry trends.
Views: 213
*The comments in the above article only represent the author's personal views and do not represent the views and positions of this website. If you have more insights, please feel free to contribute and share.
Continue with the installation of the previous hadoop.First, install zookooper1. Decompress zookoope
"Every 5-10 years, there's a rare product, a really special, very unusual product that's the most un
© 2024 shulou.com SLNews company. All rights reserved.