HPE Security Bulletin HPESBGN03733 1 - A potential security vulnerability in Jakarta Multipart parser in Apache Struts has been addressed in HPE Universal CMDB. This vulnerability could be remotely exploited to allow code execution via mishandled file upload. Revision 1 of this advisory.
203b21286e8f35dd6f52eec0b3e4bbb43621d80d6ac0d878939de5e01acf4c15
HPE Security Bulletin HPESBHF03723 1 - A potential security vulnerability has been identified in HPE Aruba ClearPass Policy Manager. The vulnerability could be remotely exploited to allow execution of code. **Note:** The ClearPass Policy Manager administrative Web interface is affected by the vulnerability. ClearPass Guest, Insight, and Graphite are NOT impacted. Revision 1 of this advisory.
d6e597c7bb73b8b7ba06f660e94513f08f799d97c77d1c9cf31cc41c314e3fa6
This Metasploit module exploits a remote code execution vulnerability in Apache Struts version 2.3.5 - 2.3.31, and 2.5 - 2.5.10. Remote Code Execution can be performed via http Content-Type header. Native payloads will be converted to executables and dropped in the server's temp dir. If this fails, try a cmd/* payload, which won't have to write to the disk.
0d1583b3fe45147f90ce781625616136ad2241ae276309d87b001d39d32dddbc
Apache Struts 2 versions 2.3.x before 2.3.32 and 2.5.x before 2.5.10.1 remote code execution exploit that provides a reverse shell.
4249528b5e1ce3828e6c7e9ef9bd8ccc0bce85f9d2c31917b250f9169e585612