HomePentest-Tools.com Logo

Cisco Unified Communications Manager Apache Struts2 Jakarta Multipart Parser File Upload Code Execution Vulnerability (cisco-sa-20170310-struts2) CVE-2017-5638

Severity
CVSSv3 Score
10
Vulnerability description

Cisco Unified Communications Manager is prone to a vulnerability in Apache Struts2.

Risk description

On March 6, 2017, Apache disclosed a vulnerability in the Jakarta multipart parser used in Apache Struts2 that could allow an attacker to execute commands remotely on the targeted system using a crafted Content-Type header value.

Recommendation

See the referenced vendor advisory for a solution.

Codename
Not available
Detectable with
Network Scanner
Scan engine
OpenVAS
Exploitable with Sniper
No
CVE Published
Mar 11, 2017
Detection added at
Software Type
Not available
Vendor
Not available
Product
Not available