CISCO : Cisco Unified Communications Manager Apache Struts2 Jakarta Multipart Parser File Upload Code Execution Vulnerability (cisco-sa-20170310-struts2)

Búsqueda de Vulnerabilidad		Buscar 324607 Descripciones CVE y 146377 Descripciones de Pruebas, accesos 10,000+ referencias cruzadas.
	Pruebas CVE Todos

ID de Prueba: 1.3.6.1.4.1.25623.1.0.106647

Categoría: CISCO

Título: Cisco Unified Communications Manager Apache Struts2 Jakarta Multipart Parser File Upload Code Execution Vulnerability (cisco-sa-20170310-struts2)

Resumen: Cisco Unified Communications Manager is prone to a; vulnerability in Apache Struts2.

Descripción: Summary:
Cisco Unified Communications Manager is prone to a
vulnerability in Apache Struts2.

Vulnerability Insight:
On March 6, 2017, Apache disclosed a vulnerability in the
Jakarta multipart parser used in Apache Struts2 that could allow an attacker to execute commands
remotely on the targeted system using a crafted Content-Type header value.

Solution:
See the referenced vendor advisory for a solution.

CVSS Score:
10.0

CVSS Vector:
AV:N/AC:L/Au:N/C:C/I:C/A:C

Referencia Cruzada: Common Vulnerability Exposure (CVE) ID: CVE-2017-5638
BugTraq ID: 96729
http://www.securityfocus.com/bid/96729
CERT/CC vulnerability note: VU#834067
https://www.kb.cert.org/vuls/id/834067
https://exploit-db.com/exploits/41570
https://www.exploit-db.com/exploits/41614/
http://blog.talosintelligence.com/2017/03/apache-0-day-exploited.html
http://blog.trendmicro.com/trendlabs-security-intelligence/cve-2017-5638-apache-struts-vulnerability-remote-code-execution/
http://www.eweek.com/security/apache-struts-vulnerability-under-attack.html
https://arstechnica.com/security/2017/03/critical-vulnerability-under-massive-attack-imperils-high-impact-sites/
https://github.com/mazen160/struts-pwn
https://github.com/rapid7/metasploit-framework/issues/8064
https://isc.sans.edu/diary/22169
https://nmap.org/nsedoc/scripts/http-vuln-cve2017-5638.html
https://packetstormsecurity.com/files/141494/S2-45-poc.py.txt
https://twitter.com/theog150/status/841146956135124993
https://www.imperva.com/blog/2017/03/cve-2017-5638-new-remote-code-execution-rce-vulnerability-in-apache-struts-2/
https://lists.apache.org/thread.html/r6d03e45b81eab03580cf7f8bb51cb3e9a1b10a2cc0c6a2d3cc92ed0c@%3Cannounce.apache.org%3E
https://lists.apache.org/thread.html/r90890afea72a9571d666820b2fe5942a0a5f86be406fa31da3dd0922@%3Cannounce.apache.org%3E
https://lists.apache.org/thread.html/r1125f3044a0946d1e7e6f125a6170b58d413ebd4a95157e4608041c7@%3Cannounce.apache.org%3E
http://www.securitytracker.com/id/1037973

Copyright Copyright (C) 2017 Greenbone Networks GmbH

Esta es sólo una de 146377 pruebas de vulnerabilidad en nuestra serie de pruebas. Encuentre más sobre cómo ejecutar una auditoría de seguridad completa.
Para ejecutar una prueba gratuita de esta vulnerabilidad contra su sistema, regístrese ahora.

ID de Prueba:	1.3.6.1.4.1.25623.1.0.106647
Categoría:	CISCO
Título:	Cisco Unified Communications Manager Apache Struts2 Jakarta Multipart Parser File Upload Code Execution Vulnerability (cisco-sa-20170310-struts2)
Resumen:	Cisco Unified Communications Manager is prone to a; vulnerability in Apache Struts2.
Descripción:	Summary: Cisco Unified Communications Manager is prone to a vulnerability in Apache Struts2. Vulnerability Insight: On March 6, 2017, Apache disclosed a vulnerability in the Jakarta multipart parser used in Apache Struts2 that could allow an attacker to execute commands remotely on the targeted system using a crafted Content-Type header value. Solution: See the referenced vendor advisory for a solution. CVSS Score: 10.0 CVSS Vector: AV:N/AC:L/Au:N/C:C/I:C/A:C
Referencia Cruzada:	Common Vulnerability Exposure (CVE) ID: CVE-2017-5638 BugTraq ID: 96729 http://www.securityfocus.com/bid/96729 CERT/CC vulnerability note: VU#834067 https://www.kb.cert.org/vuls/id/834067 https://exploit-db.com/exploits/41570 https://www.exploit-db.com/exploits/41614/ http://blog.talosintelligence.com/2017/03/apache-0-day-exploited.html http://blog.trendmicro.com/trendlabs-security-intelligence/cve-2017-5638-apache-struts-vulnerability-remote-code-execution/ http://www.eweek.com/security/apache-struts-vulnerability-under-attack.html https://arstechnica.com/security/2017/03/critical-vulnerability-under-massive-attack-imperils-high-impact-sites/ https://github.com/mazen160/struts-pwn https://github.com/rapid7/metasploit-framework/issues/8064 https://isc.sans.edu/diary/22169 https://nmap.org/nsedoc/scripts/http-vuln-cve2017-5638.html https://packetstormsecurity.com/files/141494/S2-45-poc.py.txt https://twitter.com/theog150/status/841146956135124993 https://www.imperva.com/blog/2017/03/cve-2017-5638-new-remote-code-execution-rce-vulnerability-in-apache-struts-2/ https://lists.apache.org/thread.html/r6d03e45b81eab03580cf7f8bb51cb3e9a1b10a2cc0c6a2d3cc92ed0c@%3Cannounce.apache.org%3E https://lists.apache.org/thread.html/r90890afea72a9571d666820b2fe5942a0a5f86be406fa31da3dd0922@%3Cannounce.apache.org%3E https://lists.apache.org/thread.html/r1125f3044a0946d1e7e6f125a6170b58d413ebd4a95157e4608041c7@%3Cannounce.apache.org%3E http://www.securitytracker.com/id/1037973
Copyright	Copyright (C) 2017 Greenbone Networks GmbH