Critical vulnerability in the Apache Struts2 platform

  • OS details: WN7
  • Severity: URG
  • Operating systems: L
  • Categories: CIS

Cisco Security Advisory: Apache Struts2 Jakarta Multipart Parser File Upload Code Execution Vulnerability Affecting Cisco Products

Advisory ID: cisco-sa-20170310-struts2

Revision: 1.0

For Public Release: 2017 March 10 19:30 GMT

Last Updated: 2017 March 10 19:30 GMT

CVE ID(s): CVE-2017-5638

+---------------------------------------------------------------------

Summary
=======
On March 6, 2017, Apache disclosed a vulnerability in the Jakarta multipart parser used in Apache Struts2 that could allow an attacker to execute commands remotely on the targeted system using a crafted Content-Type header value.

This vulnerability has been assigned CVE-ID CVE-2017-5638.

This advisory is available at the following link:
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170310-struts2


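
A defensive screen for the attack surface named in the summary, as an added example that is not part of the Cisco advisory: it checks logged Content-Type values against the RFC 7231 media-type grammar and flags multipart requests that lack a boundary parameter. The tab-separated log layout, the 256-character cap, the function names and the sample records are constructed assumptions; a finding is grounds for review, not proof of exploitation.

```python
import re

# RFC 7231: media-type = type "/" subtype *( OWS ";" OWS parameter )
# parameter = token "=" ( token / quoted-string ); token chars per RFC 7230.
TOKEN = r"[!#$%&'*+\-.^_`|~0-9A-Za-z]+"
QUOTED = r'"(?:[^"\\\x00-\x1f\x7f]|\\[\x20-\x7e])*"'
PARAM = rf"[ \t]*;[ \t]*({TOKEN})=({TOKEN}|{QUOTED})"
MEDIA_TYPE = re.compile(rf"({TOKEN})/({TOKEN})((?:{PARAM})*)[ \t]*")
MAX_LEN = 256  # assumption: generous cap, legitimate values are far shorter

# Constructed sample: "client<TAB>request<TAB>Content-Type value" per record.
SAMPLE_LOG = """\
198.51.100.7\tPOST /upload.action\tmultipart/form-data; boundary=----WebKitFormBoundary7MA4YWxk
198.51.100.9\tPOST /login.action\tapplication/x-www-form-urlencoded; charset=UTF-8
203.0.113.5\tPOST /upload.action\tmultipart/form-data
203.0.113.5\tPOST /upload.action\tmultipart/form-data {constructed} (non-token bytes)
"""


def check_content_type(value):
    """Return None if the header value is acceptable, else a reason string."""
    if len(value) > MAX_LEN:
        return "too long"
    m = MEDIA_TYPE.fullmatch(value.strip())
    if m is None:
        return "not a well-formed media type"
    if m.group(1).lower() == "multipart":
        # RFC 2046: every multipart type requires a boundary parameter.
        names = [name.lower() for name, _ in re.findall(PARAM, m.group(3))]
        if "boundary" not in names:
            return "multipart without boundary"
    return None


def screen(log_text):
    """Return (client, request, reason) for each record that is rejected."""
    findings = []
    for line in log_text.splitlines():
        client, request, ctype = line.split("\t", 2)
        reason = check_content_type(ctype)
        if reason:
            findings.append((client, request, reason))
    return findings


if __name__ == "__main__":
    for finding in screen(SAMPLE_LOG):
        print(*finding, sep=" | ")
```
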

Author: Tomislav Protega
Cert ID: NCERT-REF-2017-03-0075-ADV
CVE: CERT-CVE-DUMMY
Source ID: CERT-ORIGID-DUMMY
Product: CERT-DUMMY-PRODUCT
Source: http://www.adobe.com/