Alert: A remote code execution flaw was discovered in the widely-used Apache Struts 2 framework. Although this vulnerability has been patched, attackers continue to exploit vulnerable (unpatched) systems.
This zero-day vulnerability affects file upload Multipart parser in the open-source Apache Struts 2 technology framework, which is widely used in Java applications. The vulnerability was reported by a Chinese developer, Nike Zheng.
The Struts 2 vulnerability (CVE-2017-5638) was publicly disclosed on March 6. This particular flaw lives in the Jakarta Multipart parser upload function in Apache. It allows an attacker to create and execute a maliciously crafted request (a malicious Content-Type value) on an Apache webserver.
This Remote Code Execution flaw is critical because it allows attacks without authentication. Additionally, even the presence of the vulnerable Struts library in an app is enough to execute the attack.
Since the vulnerability is publicly disclosed, there are multiple public proofs-of-concept (POC) exploit code out in the open. Anyone with Struts 2 code understanding can follow the simple PoCs for Remote Code Execution.
Some attackers even execute “whoami” commands first to determine if the system is vulnerable. In some cases, attackers have turned off the firewall.
Any product running on Struts 2.3.5 to Struts 2.3.31 and Struts 2.5 to 2.5.10. Administrators with custom changes on the Struts source code should be extra cautious with the vulnerability.
According to the Cisco Identity Services Engine, Prime Service Catalog Virtual Appliance, and Unified SIP Proxy Software need fixing; but they are still investigating other products. VMware has also issued an advisory for Horizon Desktop-as-a-Service, vCenter Server, vRealize Operations Manager, and vRealize Hyperic Server.
All the Indusface products, i.e. Total Application Security (TAS), Web Application Scanning (WAS), and Web Application Firewall (WAF) were configured to detect, report, and protect against the Struts 2 vulnerability by default.
The Core Rule Set (CRS) in the Indusface Web Application Firewall is already protecting customers against these attacks by default. Both Indusface automated VA scans and manual penetration testing also include checks for the Apache Strut 2 flaw.
We understand that open source is an essential component of the application development and delivery framework for businesses. That’s why our suite of products help new-age companies
Claim your Free Forever Scan today to start securing your businesses against such critical zero-day threats.
Stay tuned for more relevant and interesting security articles. Follow Indusface on Facebook, Twitter, and LinkedIn.
This post was last modified on March 16, 2023 16:44
Learn how to prevent credential stuffing attacks with strong password policies, account lockout mechanisms, anomoly… Read More
Indusface has once again been recognized as a Gartner® Peer Insights™ Customers' Choice for Cloud… Read More
Protect your business from DDoS attacks with multi-layered DDoS defense, proactive threat modeling, rate limiting,… Read More
