CVE-2017-5638: Apache Struts 2 RCE

Score: 10
CRITICAL
Published: 2017-03-06Affected: Apache Struts 2.x < 2.3.32 / 2.5.x < 2.5.10.1CWE-20 β†—

How was Apache Struts 2 exploited in the Equifax breach?

Remote code execution in Apache Struts 2 via a crafted Content-Type HTTP header in multipart upload requests. The Jakarta Multipart parser evaluates OGNL expressions in error messages, enabling arbitrary command execution.

Impact & Exploitation

Used in the Equifax breach (2017) that exposed personal data of 147 million people. One of the most consequential web application vulnerabilities in history.

Related Resources

πŸ“‹ OWASP Top 10

πŸ”— External References

Precogs Logo

Precogs Research

This vulnerability intelligence report was analyzed and enriched by the Precogs AI Security Team. Our researchers continuously monitor emerging threats across AI code, LLM pipelines, and binary architectures to ensure accurate real-time remediation guidance.

Base Score

CVSS10
SeverityCRITICAL
CWECWE-20
Published2017-03-06

Tags

javarceequifaxweb

Quick Links

Is your system affected?

Precogs AI detects Apache Struts 2 RCE in compiled binaries and firmware β€” even without source code.

Request Deep Analysis

Is Your System Still Exposed to Critical CVEs?

Vulnerabilities like CVE-2017-5638 Apache Struts 2 RCE don’t just exist in source code β€” they persist in compiled binaries, containers, and embedded systems. Precogs AI detects vulnerable components across your entire stack β€” even when source code isn’t available.

Request Deep AnalysisBook a demo