CVE-2017-5638 :: Enginsight Vulnerability Database

Provider	Type	Base Score	Atk. Vector	Atk. Complexity	Priv. Required	Vector
NIST	NIST	9.8 CRITICAL	NETWORK	LOW	NONE	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
apache	CNA	---				---
CVE	ADP	---				---
CISA-ADP	ADP	9.8 CRITICAL	NETWORK	LOW	NONE	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Base Score

CVSS 3.x

EPSS Score

Percentile: 99%

Vendor	Product	Version
apache	struts	2.2.3 ≤ 𝑥 < 2.3.32
apache	struts	2.5.0 ≤ 𝑥 < 2.5.10.1
ibm	storwize_v3500_firmware	7.7.1.6
ibm	storwize_v3500_firmware	7.8.1.0
ibm	storwize_v5000_firmware	7.7.1.6
ibm	storwize_v5000_firmware	7.8.1.0
ibm	storwize_v7000_firmware	7.7.1.6
ibm	storwize_v7000_firmware	7.8.1.0
lenovo	storage_v5030_firmware	7.7.1.6
lenovo	storage_v5030_firmware	7.8.1.0
hp	server_automation	9.1.0
hp	server_automation	10.0.0
hp	server_automation	10.1.0
hp	server_automation	10.2.0
hp	server_automation	10.5.0
oracle	weblogic_server	10.3.6.0.0
oracle	weblogic_server	12.1.3.0.0
oracle	weblogic_server	12.2.1.1.0
oracle	weblogic_server	12.2.1.2.0
arubanetworks	clearpass_policy_manager	𝑥 < 6.6.5
netapp	oncommand_balance	-

𝑥

= Vulnerable software versions

Ubuntu Releases

Ubuntu Product

Codename

libstruts1.2-java

yakkety	dne
xenial	dne
trusty	dne
precise	not-affected

Known Exploits!

Common Weakness Enumeration

CWE-755 - Improper Handling of Exceptional Conditions
The software does not handle or incorrectly handles an exceptional condition.

Vulnerability Media Exposure

[ENGLISH] 251 Amazon-Hosted IPs Used in Exploit Scan Targeting ColdFusion, Struts, and Elasticsearch
Cybersecurity researchers have disclosed details of a coordinated cloud-based scanning activity that targeted 75 distinct "exposure points" earlier this month. The activity, observed by GreyNoise on May 8, 2025, involved as many as 251 malicious IP addresses that are all geolocated to Japan and hosted by Amazon. "These IPs triggered 75 distinct behaviors, including CVE exploits,
Published: 2025-05-28T14:53:00+05:30

References

http://blog.talosintelligence.com/2017/03/apache-0-day-exploited.html

http://blog.trendmicro.com/trendlabs-security-intelligence/cve-2017-5638-apache-struts-vulnerability-remote-code-execution/

http://www.arubanetworks.com/assets/alert/ARUBA-PSA-2017-002.txt

http://www.eweek.com/security/apache-struts-vulnerability-under-attack.html

http://www.oracle.com/technetwork/security-advisory/cpujul2017-3236622.html

http://www.securityfocus.com/bid/96729

http://www.securitytracker.com/id/1037973

https://arstechnica.com/security/2017/03/critical-vulnerability-under-massive-attack-imperils-high-impact-sites/

https://cwiki.apache.org/confluence/display/WW/S2-045

https://cwiki.apache.org/confluence/display/WW/S2-046

https://exploit-db.com/exploits/41570

https://git1-us-west.apache.org/repos/asf?p=struts.git%3Ba=commit%3Bh=352306493971e7d5a756d61780d57a76eb1f519a

https://git1-us-west.apache.org/repos/asf?p=struts.git%3Ba=commit%3Bh=6b8272ce47160036ed120a48345d9aa884477228

https://github.com/mazen160/struts-pwn

https://github.com/rapid7/metasploit-framework/issues/8064

https://h20566.www2.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbgn03733en_us

https://h20566.www2.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbgn03749en_us

https://h20566.www2.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbhf03723en_us

https://isc.sans.edu/diary/22169

https://lists.apache.org/thread.html/r1125f3044a0946d1e7e6f125a6170b58d413ebd4a95157e4608041c7%40%3Cannounce.apache.org%3E

https://lists.apache.org/thread.html/r6d03e45b81eab03580cf7f8bb51cb3e9a1b10a2cc0c6a2d3cc92ed0c%40%3Cannounce.apache.org%3E

https://lists.apache.org/thread.html/r90890afea72a9571d666820b2fe5942a0a5f86be406fa31da3dd0922%40%3Cannounce.apache.org%3E

https://nmap.org/nsedoc/scripts/http-vuln-cve2017-5638.html

https://packetstormsecurity.com/files/141494/S2-45-poc.py.txt

https://security.netapp.com/advisory/ntap-20170310-0001/

https://struts.apache.org/docs/s2-045.html

https://struts.apache.org/docs/s2-046.html

https://support.lenovo.com/us/en/product_security/len-14200

https://twitter.com/theog150/status/841146956135124993

https://www.exploit-db.com/exploits/41614/

https://www.imperva.com/blog/2017/03/cve-2017-5638-new-remote-code-execution-rce-vulnerability-in-apache-struts-2/

https://www.kb.cert.org/vuls/id/834067

https://www.symantec.com/security-center/network-protection-security-advisories/SA145

http://blog.talosintelligence.com/2017/03/apache-0-day-exploited.html

http://blog.trendmicro.com/trendlabs-security-intelligence/cve-2017-5638-apache-struts-vulnerability-remote-code-execution/

http://www.arubanetworks.com/assets/alert/ARUBA-PSA-2017-002.txt

http://www.eweek.com/security/apache-struts-vulnerability-under-attack.html

http://www.oracle.com/technetwork/security-advisory/cpujul2017-3236622.html

http://www.securityfocus.com/bid/96729

http://www.securitytracker.com/id/1037973

https://arstechnica.com/security/2017/03/critical-vulnerability-under-massive-attack-imperils-high-impact-sites/

https://cwiki.apache.org/confluence/display/WW/S2-045

https://cwiki.apache.org/confluence/display/WW/S2-046

https://exploit-db.com/exploits/41570

https://git1-us-west.apache.org/repos/asf?p=struts.git%3Ba=commit%3Bh=352306493971e7d5a756d61780d57a76eb1f519a

https://git1-us-west.apache.org/repos/asf?p=struts.git%3Ba=commit%3Bh=6b8272ce47160036ed120a48345d9aa884477228

https://github.com/mazen160/struts-pwn

https://github.com/rapid7/metasploit-framework/issues/8064

https://h20566.www2.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbgn03733en_us

https://h20566.www2.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbgn03749en_us

https://h20566.www2.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbhf03723en_us

https://isc.sans.edu/diary/22169

https://lists.apache.org/thread.html/r1125f3044a0946d1e7e6f125a6170b58d413ebd4a95157e4608041c7%40%3Cannounce.apache.org%3E

https://lists.apache.org/thread.html/r6d03e45b81eab03580cf7f8bb51cb3e9a1b10a2cc0c6a2d3cc92ed0c%40%3Cannounce.apache.org%3E

https://lists.apache.org/thread.html/r90890afea72a9571d666820b2fe5942a0a5f86be406fa31da3dd0922%40%3Cannounce.apache.org%3E

https://nmap.org/nsedoc/scripts/http-vuln-cve2017-5638.html

https://packetstormsecurity.com/files/141494/S2-45-poc.py.txt

https://security.netapp.com/advisory/ntap-20170310-0001/

https://struts.apache.org/docs/s2-045.html

https://struts.apache.org/docs/s2-046.html

https://support.lenovo.com/us/en/product_security/len-14200

https://twitter.com/theog150/status/841146956135124993

https://www.exploit-db.com/exploits/41614/

https://www.imperva.com/blog/2017/03/cve-2017-5638-new-remote-code-execution-rce-vulnerability-in-apache-struts-2/

https://www.kb.cert.org/vuls/id/834067

https://www.symantec.com/security-center/network-protection-security-advisories/SA145