—–BEGIN PGP SIGNED MESSAGE—–
Hash: SHA1
Cisco Security Advisory: Apache Struts2 Jakarta Multipart Parser File Upload Code Execution Vulnerability Affecting Cisco Products
Advisory ID: cisco-sa-20170310-struts2
Revision: 1.0
For Public Release: 2017 March 10 19:30 GMT
Last Updated: 2017 March 10 19:30 GMT
CVE ID(s): CVE-2017-5638
+———————————————————————
Summary
=======
On March 6, 2017, Apache disclosed a vulnerability in the Jakarta multipart parser used in Apache Struts2 that could allow an attacker to execute commands remotely on the targeted system using a crafted Content-Type header value.
This vulnerability has been assigned CVE-ID CVE-2017-5638.
This advisory is available at the following link:
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170310-struts2 [“https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170310-struts2”]
—–BEGIN PGP SIGNATURE—–
iQKBBAEBAgBrBQJYwxGDZBxDaXNjbyBTeXN0ZW1zIFByb2R1Y3QgU2VjdXJpdHkg
SW5jaWRlbnQgUmVzcG9uc2UgVGVhbSAoQ2lzY28gUFNJUlQga2V5IDIwMTYtMjAx
NykgPHBzaXJ0QGNpc2NvLmNvbT4ACgkQrz2APcQAkHkx0BAAxUbK2UurvyUPn5U/
0JA4/3kfFG+eE1/0/QLoCy4uYnnauEzl0LlSRg12pxL008aNdHbExjtmhbOhz5Yp
yqjcVHY8V+obVTbWANVTC5g7h4mcNYFKIWTio+x9YefHAqUPxmoU6aVlTYejrcl3
C2Z+Oa/Ogjd1ewKfLCZnxZoT7OmovvBPNyQ0kunWxV6O2ERev5XtqbCtGBO7y4ud
tPjfTY48ABI3ngGE8LoBslcE8h5b/zfNzclxrmOPlhU0ZZC0KqMBnJ0W6TUW/ZHz
Z6Q9suBEBEImSRe6kkIqozf8QA7PxIiYRaCJIR+zUgr7uS9BFJEXTxv3yKCpzKI1
Hn30cur9MUjkcrNnthpwqSryDbGb9LkDts8DjkrIaFiI7PIR/FR8/mWOSy1Ay13B
Z93P3ac4jw+UEV+182g2Tnhfp5vdYGFYem9Yg4MFDFDo2J56ek1qSeofsx4cbMM6
MU+bF4bdBILXlHrKUyX5udqysps3WLOLmau8TGCy21yFGp06t4+YtXsi1kvXUjhw
FN0lUf8Xv7hRDFQu466eO1f17A4CblzGJ3ONqB+gqqajtMTFMejmfY7mI1EwrU0/
obxYmb7n3xnzfgOKhIri1v5AIB+B1zHhmjUzXN5rrU8leUHwomKHwFMpPWcMjt2t
CtxPnOmQiA7rZMER7dsJ5dRscSE=
=d5QJ
—–END PGP SIGNATURE—–
_______________________________________________
cust-security-announce mailing list
cust-security-announce@cisco.com
To unsubscribe, send the command “unsubscribe” in the subject of your message to cust-security-announce-leave@cisco.com