WID-SEC-W-2024-0215
PUBLISHED
CVSS 8.7 HIGH
OpenSSL is a library, freely available as source code, that implements Secure Sockets Layer (SSL) and Transport Layer Security (TLS).
Risk Scores
CVSS 4.0
8.7
CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Blue Coat | ProxySG | 6.5 |
| Arista | EOS | <=4.15 |
| Cisco | Unified Communications Manager (CUCM) | |
| Cisco | IronPort Encryption Appliance | |
| Cisco | Media Experience Engine (MXE) | |
| Cisco | Packet Tracer | |
| Cisco | Emergency Responder | |
| Blue Coat | Director | 6.1 |
| Cisco | Unified IP Phone | |
| Cisco | TelePresence Server | |
| Cisco | Network Analysis Module | |
| Cisco | Prime Security Manager (PRSM) | |
| Cisco | MDS 9000 | |
| Cisco | Digital Media Manager | |
| Cisco | Prime Infrastructure | |
| Cisco | Digital Media Player | |
| Cisco | Nexus 1000V | |
| Blue Coat | ProxySG | 6.6 |
| Blue Coat | ProxyAV | 3.5 |
Exploit Intelligence
- Kouf320/attacker-lab-cve-2017-5638-cve-2021-41773-paper (github-poc)
- Using Struts2 and PowerShell to recreate CVE-2017-5638 OGNL Injection vulnerability. (github-poc)
- A practical lab demonstrating the exploitation of a critical Remote Code Execution (RCE) vulnerability in Apache Struts2 (CVE-2017-5638) using Vulhub Docker environments. Includes setup instructions and commands to run the vulnerable container. (github-poc)
- ACharaf06/CVE-2017-5638-Attack-and-Defense (github-poc)
- CVE-2017-5638- PoC (github-poc)
- A hands-on simulation of CVE-2017-5638 (Apache Struts2 RCE), showcasing exploit reproduction, OS-level command execution, and mitigations such as input sanitization and endpoint monitoring. Built in Python/Flask with Jupyter notebook demos (github-poc)
- MuhammadAbdullah192/CVE-2017-5638-Remote-Code-Execution-Apache-Struts2-EXPLOITATION (github-poc)
- Apache Struts2 CVE-2017-5638 (Safe Educational Demo) (github-poc)
- Real-time anomaly detection system for Apache Struts CVE-2017-5638 exploit using streaming analytics, 3-gram byte analysis, and Count-Min Sketch. Detects RCE attacks without signatures, with <5ms latency and <0.1% false positives. (github-poc)
- QHxDr-dz/CVE-2017-5638 (github-poc)
…and 138 more exploits
Timeline
- May 3, 2016 CVE Published
- Oct 2, 2020 PoC Published
- Nov 6, 2020 PoC Published
- Sep 6, 2021 PoC Published
- Aug 28, 2024 CVE Updated
- Oct 9, 2024 PoC Published
- Dec 12, 2024 PoC Published
- Mar 28, 2025 PoC Published
- Sep 26, 2025 PoC Published
- Apr 12, 2026 Distribution Patch
- Apr 12, 2026 Distribution Patch
- Apr 12, 2026 Distribution Patch
References
- https://wid.cert-bund.de/.well-known/csaf/white/2016/wid-sec-w-2024-0215.json advisory
- https://wid.cert-bund.de/portal/wid/securityadvisory?name=WID-SEC-2024-0215 advisory
- https://www.suse.com/support/update/announcement/2016/suse-su-20161228-1.html url
- https://www.suse.com/support/update/announcement/2016/suse-su-20161233-1.html url
- https://www.suse.com/support/update/announcement/2016/suse-su-20161206-1.html url
- https://www.debian.org/security/2016/dsa-3566 url
- http://www.ubuntu.com/usn/usn-2959-1/ url
- https://www.suse.com/support/update/announcement/2016/suse-su-20161231-1.html url
- https://www.openssl.org/news/secadv/20160503.txt url
- https://www.freebsd.org/security/advisories/FreeBSD-SA-16:17.openssl.asc url
- https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20160504-openssl url
- http://www.arista.com/en/support/advisories-notices/security-advisories/1334-security-advisory-20 url
- https://support.f5.com/kb/en-us/solutions/public/k/23/sol23230229.html url
- https://www.suse.com/support/update/announcement/2016/suse-su-20161267-1.html url
- https://bto.bluecoat.com/security-advisory/sa123 url
- https://rhn.redhat.com/errata/RHSA-2016-0996.html url
- https://rhn.redhat.com/errata/RHSA-2016-0722.html url
- http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00036.html url
- https://www.suse.com/support/update/announcement/2016/suse-su-20161360-1.html url
- https://support.f5.com/kb/en-us/solutions/public/k/36/sol36488941.html url
…and 35 more