CVE-2017-5638

Vulnerability updated 7 months ago (2024-05-04T17:56:31.254Z)
CVE-2017-5638 is a significant vulnerability in Apache Struts, a widely used open-source framework for developing Java web applications. The flaw allowed attackers to remotely execute commands on the server running the vulnerable application, leading to potential data breaches. A notable instance of its exploitation was the Equifax Inc. data breach in 2017, where attackers were able to infiltrate the company's servers due to an unpatched Apache Struts vulnerability.

Secureworks identified a group known as Gold Melody, linking them to five intrusions between July 2020 and July 2022. These attacks involved the exploitation of various vulnerabilities, including those affecting Oracle E-Business Suite (CVE-2016-0545), Apache Struts (CVE-2017-5638), Sitecore XP (CVE-2021-42237), and Flexera FlexNet (CVE-2021-4104). By exploiting these flaws, the attackers gained initial access to the targeted systems. The same set of vulnerabilities was observed across multiple Secureworks Incident Response (IR) engagements, indicating a consistent pattern in the attack methodology.

In addition, other cybercriminal gangs have been observed exploiting known vulnerabilities in internet-exposed servers as initial access vectors. These include flaws in Oracle E-Business and WebLogic (CVE-2016-0545, CVE-2020-14882, and CVE-2020-14750), Sitecore (CVE-2021-42237), Apache Struts (CVE-2017-5638), Log4j (CVE-2021-4104), JBoss MQ Java Message Service (CVE-2017-7504), and Citrix ShareFile (CVE-2021-22941). Kaspersky also observed an attack chain that began with the exploitation of the old vulnerability in Apache Struts 2 (CVE-2017-5638), the same bug used in the Equifax data breach of 2017.
Description last updated: 2024-05-04T17:51:40.464Z
Aliases
We are not currently tracking any aliases
Miscellaneous Associations
Other elements of context that could aid in the identification of relevance
Apache
Vulnerability
Apache Struts
Associated Vulnerabilities
Description: The Log4Shell Vulnerability is associated with CVE-2017-5638. Log4Shell is a significant software vulnerability (CVE-2021-44228, CVE-2021-45046, and CVE-2021-45105) that exists in the Log4j Java-based logging utility. It was exploited by various Advanced Persistent Threat (APT) actors, including LockBit affiliates and GOLD MELODY (UNC961), to gain unauthorized
Association Type: Unspecified
Votes: 2
Source Document References
Information about the CVE-2017-5638 Vulnerability was read from the documents corpus below. This display is limited to 20 results.