Impact of RCE vulnerability with Commons FileUpload (CVE-2017-5638) [SPR-15341] #19904
Assignees
Labels
in: web
Issues in web modules (web, webmvc, webflux, websocket)
status: invalid
An issue that we don't feel is valid
Comments
|
Juergen Hoeller commented As far as I'm aware, the actual vulnerability is in rendering Commons FileUpload's multipart content-type exception within an executable expression environment like OGNL in Struts... and not in Commons FileUpload itself. As a consequence, there is no new release of the FileUpload library, just a patch in the error rendering code within Struts. So even when a developer chooses to use Commons FileUpload with Spring, there is no expression rendering of such exception messages in this environment: We just propagate the exception to the Servlet container or to user-specific exception handler methods. So from my perspective, there is nothing we can defensively revise here. |
spring-projects-issues
added
status: invalid
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Mike Norman opened SPR-15341 and commented
CVE-2017-5638 describes a RCE exploit due to parse-bug for
content-typein the Jakarta Multipart parser.
I believe Spring Web's CommonsMultipartResolver is based upon the above code
A patch has been proposed at:
https://git-wip-us.apache.org/repos/asf?p=struts.git;a=commitdiff;h=6b8272ce47160036ed120a48345d9aa884477228
Should be looked at, n'est-ce pas?
Reference URL: rapid7/metasploit-framework#8064
The text was updated successfully, but these errors were encountered: