Bugzilla will be upgraded to version 5.0. The upgrade date is tentatively scheduled for 2 December 2018, pending final testing and feedback.
First Last Prev Next    This bug is not in your last search results.
Bug 1430326 - (CVE-2017-5638) CVE-2017-5638 struts2: RCE when performing file upload based on Jakarta Multipart parser
CVE-2017-5638 struts2: RCE when performing file upload based on Jakarta Multi...
Status: CLOSED NOTABUG
Product: Security Response
Classification: Other
Component: vulnerability (Show other bugs)
unspecified
All Linux
urgent Severity urgent
: ---
: ---
Assigned To: Red Hat Product Security
impact=critical,public=20170306,repor...
: Security
Depends On:
Blocks:
  Show dependency treegraph
 
Reported: 2017-03-08 06:41 EST by Andrej Nemec
Modified: 2018-03-01 12:06 EST (History)
0 users

See Also:
Fixed In Version:
Doc Type: If docs needed, set a value
Doc Text:
A flaw was reported in Apache Struts 2 that could allow an attacker to perform remote code execution with a malicious Content-Type value.
Story Points: ---
Clone Of:
Environment:
Last Closed: 2017-03-08 06:44:23 EST
Type: ---
Regression: ---
Mount Type: ---
Documentation: ---
CRM:
Verified Versions:
Category: ---
oVirt Team: ---
RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: ---

Attachments (Terms of Use)
Add an attachment (proposed patch, testcase, etc.)

  None (edit)
Description Andrej Nemec 2017-03-08 06:41:54 EST 
It is possible to perform a RCE attack with a malicious Content-Type value. If the Content-Type value isn't valid an exception is thrown which is then used to display an error message to a user.

External References:

https://cwiki.apache.org/confluence/display/WW/S2-045

References:

https://github.com/rapid7/metasploit-framework/issues/8064
Comment 3 Kurt Seifried 2017-03-09 11:39:14 EST 
It doesn't appear that Satellite version 5.x is affected (struts 1) either. Thread 15aa3463cdf3ff5f.
Comment 5 Kurt Seifried 2017-03-23 10:57:53 EDT 
Statement:

This issue did not affect any of the Red Hat products as they did not include the Apache Struts 2 package. Additionally it does not appear that struts 1 is affected by this vulnerability (the affected code does not appear to be present in struts 1). Additionally it does not appear that Red Hat has backported any code from struts 2 to struts 1 as the code bases are quite different and backporting any significant code would be a major effort with questionable results due to compatibility issues.
Note You need to log in before you can comment on or make changes to this bug.
First Last Prev Next    This bug is not in your last search results.