CVE-2017-5638CISA KEV: Actively Exploited

Apache Struts Remote Code Execution Vulnerability

Published Nov 3, 2021·Updated Nov 3, 2021

Description

Apache Struts Jakarta Multipart parser allows for malicious file upload using the Content-Type value, leading to remote code execution.

Public Exploits & PoCs68 found

PoC: struts-pwn

An exploit for Apache Struts CVE-2017-5638

405

PoC: Struts2-045-Exp

Struts2 S2-045(CVE-2017-5638)Exp with GUI

62

PoC: strutszeiro

Telegram Bot to manage botnets created with struts vulnerability(CVE-2017-5638)

40

PoC: apache-struts2-CVE-2017-5638

Demo Application and Exploit

36

PoC: S2-045-EXP-POC-TOOLS

S2-045 漏洞 POC-TOOLS CVE-2017-5638

25

PoC: S2-045

Struts2 S2-045(CVE-2017-5638)Vulnerability environment - http://www.mottoin.com/97954.html

24

PoC: st2-046-poc

st2-046-poc CVE-2017-5638

21

PoC: Struts-Apache-ExploitPack

These are just some script which you can use to detect and exploit the Apache Struts Vulnerability (CVE-2017-5638)

16

PoC: cve-2017-5638

cve-2017-5638 Vulnerable site sample

14

PoC: cve-2017-5638

Example PoC Code for CVE-2017-5638 | Apache Struts Exploit

14

PoC: strutsy

Strutsy - Mass exploitation of Apache Struts (CVE-2017-5638) vulnerability

13

PoC: CVE-2017-5638

Apache Struts 2.0 RCE vulnerability - Allows an attacker to inject OS commands into a web application through the content-type header

9

PoC: struts2-rce

Exploitable target to CVE-2017-5638

8

PoC: CVE-2017-5638_struts

detection for Apache Struts recon and compromise

8

PoC: CVE-2017-5638

Struts02 s2-045 exploit program

5

PoC: Apache-Struts-2-CVE-2017-5638-Exploit-

Exploit created by: R4v3nBl4ck end Pacman

4

PoC: StrutsShell

Apache Struts (CVE-2017-5638) Shell

3

PoC: CVE-2017-5638

Apache Struts 2.3.5 < 2.3.31 / 2.5 < 2.5.10 - Remote Code Execution - Shell Script

2

PoC: struts2-jakarta-inject

Golang exploit for CVE-2017-5638

2

PoC: Strutscli

Struts2 RCE CVE-2017-5638 CLI shell

2

PoC: Strutshock

Struts2 RCE CVE-2017-5638 non-intrusive check shell script

2

PoC: CVE-2017-5638-Apache-Struts2

Example PHP Exploiter for CVE-2017-5638

2

PoC: ExpStruts

A php based exploiter for CVE-2017-5638.

2

PoC: CVE-2017-5638-Apache-Struts2

Tweaking original PoC (https://github.com/rapid7/metasploit-framework/issues/8064) to work on self-signed certificates

2

PoC: CVE-2017-5638

CVE-2017-5638 Exploit Rewritten In Python By haxerr9

1

PoC: struts_hack

An implementation of CVE-2017-5638

1

PoC: XworkStruts-RCE

(CVE-2017-5638) XworkStruts RCE Vuln test script

1

PoC: check_struts

Apache Struts version analyzer (Ansible) based on CVE-2017-5638

1

PoC: struts-rce

Apache Struts CVE-2017-5638 RCE exploitation

1

PoC: struts2_cve-2017-5638

This is a sort of Java porting of the Python exploit at: https://www.exploit-db.com/exploits/41570/.

1

PoC: cybersecurity-struts2

Struts2 Application Vulnerable to CVE-2017-5638. Explains how the exploit of the vulnerability works in relation to OGNL and the JakartaMultiPart parser.

1

PoC: struts-rce-cve-2017-5638

Struts-RCE CVE-2017-5638

1

PoC: S2-046_S2-045_POC

S2-046|S2-045: Struts 2 Remote Code Execution vulnerability(CVE-2017-5638)

1

PoC: OgnlContentTypeRejectorValve

This is Valve for Tomcat7 to block Struts 2 Remote Code Execution vulnerability (CVE-2017-5638)

1

PoC: apache-struts-cve-2017-5638-project

Attack and Defense course project focused on CVE-2017-5638 analysis, exploitation, and mitigation.

PoC: SC3010-Computer-Security

Recreating OGNL Expression Injection vulnerability CVE-2017-5638.

PoC: vulhub-struts2

A practical lab demonstrating the exploitation of a critical Remote Code Execution (RCE) vulnerability in Apache Struts2 (CVE-2017-5638) using Vulhub Docker environments. Includes setup instructions and commands to run the vulnerable container.

PoC: CVE-2017-5638-assignement

Software Security & Privacy ~ Assignement 3 : CVE PoC

PoC: Apache-Struts2-CVE-2017-5638

CVE-2017-5638- PoC

PoC: Computer-Security-Equifax-2017

A hands-on simulation of CVE-2017-5638 (Apache Struts2 RCE), showcasing exploit reproduction, OS-level command execution, and mitigations such as input sanitization and endpoint monitoring. Built in Python/Flask with Jupyter notebook demos

PoC: PoC-CVE-2017-5638

Apache Struts2 CVE-2017-5638 (Safe Educational Demo)

PoC: Detection-struts-cve-2017-5638-detector

Real-time anomaly detection system for Apache Struts CVE-2017-5638 exploit using streaming analytics, 3-gram byte analysis, and Count-Min Sketch. Detects RCE attacks without signatures, with <5ms latency and <0.1% false positives.

PoC: DeliberatelyVulnerableWebApp

A Deliberately Vulnerable Web Application built on Struts 2 (CVE-2017-5638) and Log4J (CVE-2021-44228) for testing and demonstration of OWASP Top 10 Web Application Security Risks: A06:2021-Vulnerable and Outdated Components.

PoC: CVE-2017-5638-POC

Proof of concept of CVE-2017-5638 including the whole setup of the Apache vulnerable server

PoC: CVE-2017-5638-PoC

This repository provides a PoC for CVE-2017-5638, a remote code execution vulnerability in Apache Struts 2, exploitable via a crafted Content-Type HTTP header.

PoC: web-application-firewall-

This project demonstrates a Web Application Firewall (WAF) simulation using Flask and a vulnerability checker for CVE-2017-5638. The WAF middleware blocks HTTP requests containing specific patterns, and the vulnerability checker tests for and exploits the Apache Struts 2 vulnerability (CVE-2017-5638).

PoC: CVE-2017-5638-ApacheStruts2.3.5

A exploit for CVE-2017-5638. This exploit works on versions 2.3.5-2.3.31 and 2.5 – 2.5.10

PoC: CVE-2017-5638

An exploit for CVE-2017-5638

PoC: Exploit-CVE-2017-5638

this exemple of application permet to test the vunerability CVE_2017-5638

PoC: CVE-2017-5638

This script is intended to validate Apache Struts 2 vulnerability (CVE-2017-5638), AKA Struts-Shock.

PoC: vulnerability_struts-2.3.31

Build the struts-2.3.31 (CVE-2017-5638) environment

PoC: CVE-2017-5638

PoC for CVE: 2017-5638 - Apache Struts2 S2-045

PoC: struts2-rce

Exploitable target to CVE-2017-5638

PoC: Aspire

CVE-2017-5638

PoC: cve-2017-5638

Demo app of THAT data broker's security breach

PoC: CVE-2017-5638

CVE-2017-5638 (PoC Exploits)

PoC: apache-struts-v2-CVE-2017-5638

Working POC for CVE 2017-5638

PoC: Common-Vulnerability-and-Exploit

This is the Apache Struts CVE-2017-5638 struts 2 vulnerability. The same CVE that resulted in the equifax database breach.

PoC: Apache-Struts

An exploit for Apache Struts CVE-2017-5638

PoC: strutser

Check for Struts Vulnerability CVE-2017-5638

PoC: CVE-2017-5638

CVE-2017-5638 Test environment

PoC: Struts2Shell

An exploit (and library) for CVE-2017-5638 - Apache Struts2 S2-045 bug.

PoC: Stutsfi

An exploit for CVE-2017-5638 Remote Code Execution (RCE) Vulnerability in Apache Struts 2

PoC: Struts2-045-Exp

CVE-2017-5638

PoC: S2-Reaper

CVE-2017-5638

PoC: CVE-2017-5638

CVE: 2017-5638 in different formats

PoC: test_struts2_vulnerability_CVE-2017-5638

test struts2 vulnerability CVE-2017-5638 in Mac OS X

PoC: strutszeiro

Telegram Bot to manage botnets created with struts vulnerability(CVE-2017-5638)

References

View on NVD Search GitHub Search Google

Get alerted for CVEs like this

Register your stack and get notified within minutes when a matching CVE drops.

Start monitoring free