Apache Struts 2 Vulnerability
CafêX has been made aware of a serious vulnerability in Apache Struts 2.
CafêX does not use Apache Struts 2 and is not vulnerable to CVE-2017-5638 (https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5638).
If you require further information, please contact firstname.lastname@example.org.
The vulnerability summary:
The Jakarta Multipart parser in Apache Struts 2 2.3.x before 2.3.32 and 2.5.x before 2.5.10.1 mishandles file upload, which allows remote attackers to execute arbitrary commands via a #cmd= string in a crafted Content-Type HTTP header, as exploited in the wild in March 2017.