Apache Struts 2 RCE S2-045

Impact: High


It is possible to perform a RCE attack with a malicious Content-Type value. If the Content-Type value isn’t valid an exception is thrown which is then used to display an error message to a user.


If you are using Jakarta based file upload Multipart parser, upgrade to Apache Struts version 2.3.32 or or newer version.


Last updated on June 06, 2022

This issue is available in SmartScanner Professional

See Pricing