{"cve":{"cve_id":"CVE-2017-5638","is_kev":true,"kev_date_added":"2021-11-03","kev_vendor_project":"Apache","kev_product":"Struts","kev_vulnerability_name":"Apache Struts Remote Code Execution Vulnerability","kev_short_description":"Apache Struts Jakarta Multipart parser allows for malicious file upload using the Content-Type value, leading to remote code execution.","kev_required_action":"Apply updates per vendor instructions.","kev_due_date":"2022-05-03","kev_known_ransomware":true,"kev_notes":"https://nvd.nist.gov/vuln/detail/CVE-2017-5638","kev_cwes":["CWE-20"],"epss_score":0.99999,"epss_percentile":0.99993,"epss_as_of":"2026-06-23","description":"The Jakarta Multipart parser in Apache Struts 2 2.3.x before 2.3.32 and 2.5.x before 2.5.10.1 has incorrect exception handling and error-message generation during file-upload attempts, which allows remote attackers to execute arbitrary commands via a crafted Content-Type, Content-Disposition, or Content-Length HTTP header, as exploited in the wild in March 2017 with a Content-Type header containing a #cmd= string.","published_at":"2017-03-11T02:11:00Z","last_modified_at":null,"cvss_v3_score":9.8,"cvss_v3_vector":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H","cvss_v3_severity":"CRITICAL","cvss_v4_score":null,"cvss_v4_vector":null,"cvss_v4_severity":null,"ssvc_decision":null,"ssvc_exploitation":"active","ssvc_automatable":true,"ssvc_technical_impact":"total","cwes":["CWE-755"],"nvd_references":["https://nmap.org/nsedoc/scripts/http-vuln-cve2017-5638.html","http://www.arubanetworks.com/assets/alert/ARUBA-PSA-2017-002.txt","https://arstechnica.com/security/2017/03/critical-vulnerability-under-massive-attack-imperils-high-impact-sites/","https://exploit-db.com/exploits/41570","https://security.netapp.com/advisory/ntap-20170310-0001/","https://github.com/rapid7/metasploit-framework/issues/8064","https://struts.apache.org/docs/s2-046.html","http://blog.talosintelligence.com/2017/03/apache-0-day-exploited.html","https://www.imperva.com/blog/2017/03/cve-2017-5638-new-remote-code-execution-rce-vulnerability-in-apache-struts-2/","https://h20566.www2.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbgn03733en_us","https://www.kb.cert.org/vuls/id/834067","https://isc.sans.edu/diary/22169","https://struts.apache.org/docs/s2-045.html","http://www.securitytracker.com/id/1037973","http://www.eweek.com/security/apache-struts-vulnerability-under-attack.html","http://www.securityfocus.com/bid/96729","https://twitter.com/theog150/status/841146956135124993","https://github.com/mazen160/struts-pwn","https://packetstormsecurity.com/files/141494/S2-45-poc.py.txt","https://www.symantec.com/security-center/network-protection-security-advisories/SA145","https://support.lenovo.com/us/en/product_security/len-14200","https://git1-us-west.apache.org/repos/asf?p=struts.git%3Ba=commit%3Bh=352306493971e7d5a756d61780d57a76eb1f519a","https://h20566.www2.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbhf03723en_us","https://git1-us-west.apache.org/repos/asf?p=struts.git%3Ba=commit%3Bh=6b8272ce47160036ed120a48345d9aa884477228","https://cwiki.apache.org/confluence/display/WW/S2-045","https://www.exploit-db.com/exploits/41614/","https://cwiki.apache.org/confluence/display/WW/S2-046","http://www.oracle.com/technetwork/security-advisory/cpujul2017-3236622.html","https://h20566.www2.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbgn03749en_us","http://blog.trendmicro.com/trendlabs-security-intelligence/cve-2017-5638-apache-struts-vulnerability-remote-code-execution/","https://lists.apache.org/thread.html/r6d03e45b81eab03580cf7f8bb51cb3e9a1b10a2cc0c6a2d3cc92ed0c%40%3Cannounce.apache.org%3E","https://lists.apache.org/thread.html/r90890afea72a9571d666820b2fe5942a0a5f86be406fa31da3dd0922%40%3Cannounce.apache.org%3E","https://lists.apache.org/thread.html/r1125f3044a0946d1e7e6f125a6170b58d413ebd4a95157e4608041c7%40%3Cannounce.apache.org%3E"],"vuln_status":null,"trending_score":0.6099982,"is_trending":true,"has_trended":true,"trended_number_one":false,"trending_peak_score":0.6099982,"trending_peak_rank":36,"started_trending_at":"2026-06-29T02:30:27.366045Z","trended_number_one_at":null,"summary_generated":null,"summary_generated_at":null,"summary_model":null,"created_at":"2026-06-24T00:09:31.350578Z","updated_at":"2026-06-29T02:30:27.550645Z"},"effective_severity":"CRITICAL","badges":["kev","ransomware","poc","trending","epss"],"impact_analysis":[],"cvss_v3_decoded":{"version":"3.1","metrics":[{"metric":"AV","name":"Attack Vector","value":"N","value_label":"Network"},{"metric":"AC","name":"Attack Complexity","value":"L","value_label":"Low"},{"metric":"PR","name":"Privileges Required","value":"N","value_label":"None"},{"metric":"UI","name":"User Interaction","value":"N","value_label":"None"},{"metric":"S","name":"Scope","value":"U","value_label":"Unchanged"},{"metric":"C","name":"Confidentiality","value":"H","value_label":"High"},{"metric":"I","name":"Integrity","value":"H","value_label":"High"},{"metric":"A","name":"Availability","value":"H","value_label":"High"}]},"cvss_v4_decoded":{"version":null,"metrics":[]},"affected":[{"vendor_slug":"apache-software-foundation","vendor_name":"Apache Software Foundation","product_slug":"apache-struts","product_name":"Apache Struts","version_start":"2.3.x before 2.3.32","version_start_inclusive":true,"version_end":"2.3.x before 2.3.32","version_end_inclusive":true,"cpe23_uri":"cve5:apache-software-foundation:apache-struts:2.3.x before 2.3.32:2.3.x before 2.3.32"},{"vendor_slug":"apache-software-foundation","vendor_name":"Apache Software Foundation","product_slug":"apache-struts","product_name":"Apache Struts","version_start":"2.5.x before 2.5.10.1","version_start_inclusive":true,"version_end":"2.5.x before 2.5.10.1","version_end_inclusive":true,"cpe23_uri":"cve5:apache-software-foundation:apache-struts:2.5.x before 2.5.10.1:2.5.x before 2.5.10.1"}],"exploit_refs":[{"source":"nuclei","kind":"nuclei","url":"https://github.com/projectdiscovery/nuclei-templates/blob/main/http/cves/2017/CVE-2017-5638.yaml","title":"Apache Struts 2 - Remote Command Execution","author":"Random_Robbie","disclosed_at":null}],"news":[],"references":[{"url":"https://nmap.org/nsedoc/scripts/http-vuln-cve2017-5638.html","source_type":"MISC","tags":[]},{"url":"http://www.arubanetworks.com/assets/alert/ARUBA-PSA-2017-002.txt","source_type":"MISC","tags":[]},{"url":"https://arstechnica.com/security/2017/03/critical-vulnerability-under-massive-attack-imperils-high-impact-sites/","source_type":"MISC","tags":[]},{"url":"https://exploit-db.com/exploits/41570","source_type":"EXPLOIT","tags":["exploit"]},{"url":"https://security.netapp.com/advisory/ntap-20170310-0001/","source_type":"MISC","tags":[]},{"url":"https://github.com/rapid7/metasploit-framework/issues/8064","source_type":"EXPLOIT","tags":["exploit"]},{"url":"https://struts.apache.org/docs/s2-046.html","source_type":"MISC","tags":[]},{"url":"http://blog.talosintelligence.com/2017/03/apache-0-day-exploited.html","source_type":"MISC","tags":[]},{"url":"https://www.imperva.com/blog/2017/03/cve-2017-5638-new-remote-code-execution-rce-vulnerability-in-apache-struts-2/","source_type":"MISC","tags":[]},{"url":"https://h20566.www2.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbgn03733en_us","source_type":"MISC","tags":[]},{"url":"https://www.kb.cert.org/vuls/id/834067","source_type":"MISC","tags":[]},{"url":"https://isc.sans.edu/diary/22169","source_type":"MISC","tags":[]},{"url":"https://struts.apache.org/docs/s2-045.html","source_type":"MISC","tags":[]},{"url":"http://www.securitytracker.com/id/1037973","source_type":"MISC","tags":[]},{"url":"http://www.eweek.com/security/apache-struts-vulnerability-under-attack.html","source_type":"MISC","tags":[]},{"url":"http://www.securityfocus.com/bid/96729","source_type":"MISC","tags":[]},{"url":"https://twitter.com/theog150/status/841146956135124993","source_type":"MISC","tags":[]},{"url":"https://github.com/mazen160/struts-pwn","source_type":"MISC","tags":[]},{"url":"https://packetstormsecurity.com/files/141494/S2-45-poc.py.txt","source_type":"EXPLOIT","tags":["exploit"]},{"url":"https://www.symantec.com/security-center/network-protection-security-advisories/SA145","source_type":"VENDOR_ADVISORY","tags":["advisory"]},{"url":"https://support.lenovo.com/us/en/product_security/len-14200","source_type":"MISC","tags":[]},{"url":"https://git1-us-west.apache.org/repos/asf?p=struts.git%3Ba=commit%3Bh=352306493971e7d5a756d61780d57a76eb1f519a","source_type":"MISC","tags":[]},{"url":"https://h20566.www2.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbhf03723en_us","source_type":"MISC","tags":[]},{"url":"https://git1-us-west.apache.org/repos/asf?p=struts.git%3Ba=commit%3Bh=6b8272ce47160036ed120a48345d9aa884477228","source_type":"MISC","tags":[]},{"url":"https://cwiki.apache.org/confluence/display/WW/S2-045","source_type":"MISC","tags":[]},{"url":"https://www.exploit-db.com/exploits/41614/","source_type":"EXPLOIT","tags":["exploit"]},{"url":"https://cwiki.apache.org/confluence/display/WW/S2-046","source_type":"MISC","tags":[]},{"url":"http://www.oracle.com/technetwork/security-advisory/cpujul2017-3236622.html","source_type":"VENDOR_ADVISORY","tags":["advisory"]},{"url":"https://h20566.www2.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbgn03749en_us","source_type":"MISC","tags":[]},{"url":"http://blog.trendmicro.com/trendlabs-security-intelligence/cve-2017-5638-apache-struts-vulnerability-remote-code-execution/","source_type":"MISC","tags":[]},{"url":"https://lists.apache.org/thread.html/r6d03e45b81eab03580cf7f8bb51cb3e9a1b10a2cc0c6a2d3cc92ed0c%40%3Cannounce.apache.org%3E","source_type":"MAILING_LIST","tags":["mailing-list"]},{"url":"https://lists.apache.org/thread.html/r90890afea72a9571d666820b2fe5942a0a5f86be406fa31da3dd0922%40%3Cannounce.apache.org%3E","source_type":"MAILING_LIST","tags":["mailing-list"]},{"url":"https://lists.apache.org/thread.html/r1125f3044a0946d1e7e6f125a6170b58d413ebd4a95157e4608041c7%40%3Cannounce.apache.org%3E","source_type":"MAILING_LIST","tags":["mailing-list"]}],"timeline":[{"type":"published","at":"2017-03-11T02:11:00Z","label":"CVE published","source":null},{"type":"cisa_reported","at":"2021-11-03T00:00:00Z","label":"Added to CISA KEV catalog","source":"kev"},{"type":"poc_available","at":"2026-06-24T00:29:48.638073Z","label":"Public PoC available","source":"nuclei"},{"type":"ssvc_changed","at":"2026-06-24T00:31:10.389451Z","label":"SSVC decision revised","source":"vulnrichment"},{"type":"ssvc_changed","at":"2026-06-24T00:31:10.389451Z","label":"SSVC decision revised","source":"vulnrichment"},{"type":"ssvc_changed","at":"2026-06-24T00:31:10.389451Z","label":"SSVC decision revised","source":"vulnrichment"},{"type":"cvss_changed","at":"2026-06-24T00:31:10.389451Z","label":"CVSS score revised","source":"vulnrichment"},{"type":"cvss_changed","at":"2026-06-24T00:31:10.389451Z","label":"CVSS score revised","source":"vulnrichment"},{"type":"cvss_changed","at":"2026-06-24T00:31:10.389451Z","label":"CVSS score revised","source":"vulnrichment"},{"type":"started_trending","at":"2026-06-29T02:30:27.366045Z","label":"Started trending","source":null}]}