CVE-STRUTS-S2-045Initial Access

Apache Struts Content-Type RCE (S2-045 / CVE-2017-5638)

Crafted Content-Type header is parsed as an OGNL expression — Equifax 2017 disaster origin.

§ Where this technique fits

CVE-STRUTS-S2-045 is catalogued under the Initial Access tactic of the offensive-security kill-chain. It appears in 1 approved dossier in the registry, typically at step 2 on average.

§ Dossiers chaining this technique

Apache Struts S2-045 (CVE-2017-5638) → Equifax-style breach
Crafted Content-Type header is parsed as OGNL — execute commands as the app user. The 2017 Equifax breach origin: unpatched Struts endpoint exposed to the internet.
step 2 / 5

§ What commonly comes next

01
Command and Scripting Interpreter
T1059 · Execution
seen 1×

§ Where this technique fits

§ Dossiers chaining this technique

Apache Struts S2-045 (CVE-2017-5638) → Equifax-style breach

§ What commonly comes next