This repository provides a PoC for CVE-2017-5638, a remote code execution vulnerability in Apache Struts 2, exploitable via a crafted Content-Type HTTP header.# CVE-2017-5638 Apache Struts 2 RCE Proof of Concept
This repository contains a Proof of Concept (PoC) script demonstrating the Remote Code Execution (RCE) vulnerability identified as **CVE-2017-5638** in Apache Struts 2.
## Vulnerability Details
- **CVE ID:** [CVE-2017-5638](https://nvd.nist.gov/vuln/detail/CVE-2017-5638)
- **Affected Software:** Apache Struts 2 versions prior to 2.3.32 and 2.5.10.1
- **Vulnerability Type:** Remote Code Execution
- **Attack Vector:** Remote, via crafted Content-Type HTTP header
## Description
An error in the handling of the `Content-Type` header in file upload requests allows attackers to execute arbitrary OGNL expressions. This can lead to full system compromise.
## Contents
- `exploit.py`: PoC script to demonstrate the vulnerability
- `README.md`: Instructions on setting up a vulnerable environment and running the PoC
- `docs/`: Additional documentation and analysis of the vulnerability
## Disclaimer
**This project is for educational purposes only. Unauthorized use of this code against any system without permission is illegal and unethical.**
[4.0K] /data/pocs/2b4092947dec3225cd3c32b5ce8c0817f8c1fe2b
├── [4.0K] docs
│ └── [ 1] CVE-2017-5638-Analysis.md
├── [4.0K] PoC
│ ├── [ 1] exploit.py
│ └── [ 1] requirements.txt
├── [1.1K] README.md
└── [4.0K] Vulnerable-Setup
└── [ 1] VM-Setup.md
3 directories, 5 files