Exploit.HTTP.CVE-2017-5638

Detect Date 03/16/2017
Class Exploit
Platform HTTP
Description

The Jakarta Multipart parser from Apache Struts 2 versions 2.3.X up to 2.3.32, and Apache Struts 2 versions 2.5.X up to 2.5.10.1 incorrectly manages exception handling and error message generation during file uploading attempts, which allows attackers to remotely execute arbitrary commands via purposely created HTTP headers Content-Type, Content-Disposition, or Content-Length.

Top 10 countries with most attacked users (% of total attacks)

  Country Percentage of users*
1 Russia 9.73
2 Brazil 8.09
3 China 8.09
4 India 7.98
5 USA 4.70
6 Italy 2.62
7 Colombia 2.40
8 Spain 2.40
9 Vietnam 2.40
10 France 2.30

* Percentage of all unique Kaspersky users worldwide who have been attacked by this malware

Find out the statistics of the threats spreading in your region