H1-212985

Exploit Intelligence

• Dungsocool/CVE-2017-5638 (github-poc-repo)
• Dungsocool/CVE-2017-5638 (github-poc)
• Kouf320/docker-lab-cve-2017-5638-cve-2021-41773 (github-poc-repo)
• Kouf320/docker-lab-cve-2017-5638-cve-2021-41773 (github-poc)
• Attack and Defense course project focused on CVE-2017-5638 analysis, exploitation, and mitigation. (github-poc)
• Attack and Defense course project focused on CVE-2017-5638 analysis, exploitation, and mitigation. (github-poc-repo)
• S2-046|S2-045: Struts 2 Remote Code Execution vulnerability（CVE-2017-5638） (github-poc-repo)
• Apache Struts 2.0 RCE vulnerability - Allows an attacker to inject OS commands into a web application through the content-type header (github-poc-repo)
• An exploit for Apache Struts CVE-2017-5638 (github-poc-repo)
• CVE-2017-5638 (github-poc-repo)

…and 165 more exploits

Timeline

• Jul 3, 2017 CVE Published
• Jul 3, 2017 PoC Published
• Oct 2, 2020 PoC Published
• Nov 6, 2020 PoC Published
• Sep 6, 2021 PoC Published
• Oct 9, 2024 PoC Published
• Dec 12, 2024 PoC Published
• Mar 28, 2025 PoC Published
• Sep 26, 2025 PoC Published

References

• Remote code execution vulnerability on a DoD website advisory