Apache Struts 2 vulnerability and CafêX software (CVE-2017-5638)

 
CafêX has been made aware of a serious vulnerability in Apache Struts 2.
 
The vulnerability summary:
 
The Jakarta Multipart parser in Apache Struts 2 2.3.x before 2.3.32 and 2.5.x before 2.5.10.1 mishandles file upload, which allows remote attackers to execute arbitrary commands via a #cmd= string in a crafted Content-Type HTTP header, as exploited in the wild in March 2017.
 
More details at: 
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5638
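 
The affected ranges in the summary can be checked against the jars in a deployment. The following is an added example, not CafêX or Apache code: it classifies Struts versions numerically against the two fix versions quoted above and assumes the jar keeps its Maven artifact name `struts2-core-<version>.jar`. The function names and sample paths are constructed for illustration.

```python
import re

# Fix versions per branch, taken from the CVE summary quoted above:
# 2.3.x before 2.3.32 and 2.5.x before 2.5.10.1 are affected.
FIXED_IN = {(2, 3): "2.3.32", (2, 5): "2.5.10.1"}

# Assumption: the jar keeps its Maven artifact name, struts2-core-<version>.jar
JAR_RE = re.compile(r"struts2-core-(\d+(?:\.\d+)+)\.jar$")


def _as_tuple(version, width=4):
    """Turn '2.5.10' into (2, 5, 10, 0) so versions compare numerically."""
    parts = tuple(int(p) for p in version.split("."))
    return parts + (0,) * (width - len(parts))


def classify(version):
    """Return 'affected', 'fixed' or 'not-in-summary' for a Struts version."""
    v = _as_tuple(version)
    fixed = FIXED_IN.get(v[:2])
    if fixed is None:
        return "not-in-summary"  # branch the summary makes no statement about
    return "affected" if v < _as_tuple(fixed) else "fixed"


def scan(paths):
    """Return (path, version, status) for every struts2-core jar in paths."""
    hits = []
    for path in paths:
        m = JAR_RE.search(path)
        if m:
            hits.append((path, m.group(1), classify(m.group(1))))
    return hits


# Constructed sample paths, not taken from any real deployment.
SAMPLE_PATHS = [
    "/opt/app/WEB-INF/lib/struts2-core-2.3.31.jar",
    "/opt/app/WEB-INF/lib/struts2-core-2.5.10.1.jar",
    "/opt/app/WEB-INF/lib/struts2-core-2.5.2.jar",
    "/opt/app/WEB-INF/lib/commons-fileupload-1.3.2.jar",
]

if __name__ == "__main__":
    for path, version, status in scan(SAMPLE_PATHS):
        print(f"{status:15} {version:10} {path}")
```

An empty result only means no jar with that file name was seen; a renamed or repackaged copy of the library would not be matched by this check.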
 
CafêX does not use Apache Struts 2 and is not vulnerable to CVE-2017-5638 (https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5638).
 
If you require further information please contact support@cafex.com.
 