Indusface Total Application Security - Apache Struts 2 Vulnerability

What is the Apache Struts 2 Vulnerability?

The flaw lives in the Jakarta Multipart parser, the file-upload component of Apache Struts 2. It allows an attacker to easily send a request with a maliciously crafted Content-Type header to a Struts 2 application and have the server execute it. Struts 2.3.5 to Struts 2.3.31 are affected, as are Struts 2.5 to 2.5.10; admins are urged to upgrade immediately to Struts 2.3.32 or 2.5.10.1.

CVE Details

• CVE-2017-5638 

What are the risks?

The attacks are particularly risky for anyone running their Apache web servers as root, which is not a recommended practice. The consequences are severe for an organization whose exposed Apache server is compromised.

Do I need to worry about it?

If you are running an affected version of Apache Struts, then yes: the flaw can be used to gain complete control of the server.
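As an added example (not Indusface's own code or tooling), the following Python script does the two checks a practitioner would want from this page: it tests a Struts version string against the affected ranges stated above, handling the 2.5.10 versus 2.5.10.1 edge correctly, and it scans constructed HTTP header lines for Content-Type values that carry OGNL expression markers (the widely published signature for this CVE) or are not well-formed media types, which is the defensive signal a WAF rule or log search keys on. The header samples and host name are constructed, not captured traffic.

```python
import re
from typing import Iterable, List, Tuple

# Affected ranges as stated on the page, inclusive; 2.3.32 and 2.5.10.1 are the fixes.
AFFECTED_RANGES = [("2.3.5", "2.3.31"), ("2.5", "2.5.10")]
# Expression markers: the published detection signature for this CVE (assumption: only these two).
OGNL_MARKERS = ("%{", "${")
# A well-formed media type with optional ;name=value parameters.
VALID_CONTENT_TYPE = re.compile(
    r'^[\w.+-]+/[\w.+-]+(?:\s*;\s*[\w.-]+=(?:"[^"]*"|[^;\s]+))*\s*$')

def parse_version(text: str) -> Tuple[int, ...]:
    """'2.5.10.1' -> (2, 5, 10, 1); shorter strings are zero-padded to four parts."""
    parts = tuple(int(p) for p in text.strip().split("."))
    return parts + (0,) * (4 - len(parts))

def is_affected(version: str) -> bool:
    """True if this Struts version lies inside an affected range; the patch
    release 2.5.10.1 sorts above (2, 5, 10, 0) and is therefore reported as fixed."""
    v = parse_version(version)
    return any(parse_version(lo) <= v <= parse_version(hi) for lo, hi in AFFECTED_RANGES)

def suspicious_content_type(value: str) -> bool:
    """Flag a Content-Type carrying expression syntax or not shaped like a media type."""
    return any(m in value for m in OGNL_MARKERS) or not VALID_CONTENT_TYPE.match(value)

def scan_headers(lines: Iterable[str]) -> List[str]:
    """Return every suspicious Content-Type value found in raw header lines."""
    hits = []
    for line in lines:
        name, sep, value = line.partition(":")
        if sep and name.strip().lower() == "content-type" and suspicious_content_type(value.strip()):
            hits.append(value.strip())
    return hits

# Constructed sample header lines, not captured traffic.
SAMPLE_HEADERS = [
    "Host: app.example.internal",
    "Content-Type: multipart/form-data; boundary=----constructedBoundary42",
    "Content-Type: application/json",
    "Content-Type: %{constructed-non-functional-sample}",
    "Content-Type: multipart/form-data; boundary=${constructed-sample}",
]

if __name__ == "__main__":
    for v in ("2.3.4", "2.3.5", "2.3.31", "2.3.32", "2.5", "2.5.10", "2.5.10.1"):
        print(f"Struts {v}: {'AFFECTED' if is_affected(v) else 'not affected'}")
    for hit in scan_headers(SAMPLE_HEADERS):
        print("suspicious Content-Type:", hit)
```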

Am I protected with Indusface Web Application Firewall?

The core rule set in the Indusface Web Application Firewall protects you against attacks on the Apache Struts 2 vulnerability by default. Indusface Total Application Security and WAF customers need not worry about it.

Will Indusface Web Application Scanning report this vulnerability?

Indusface automated VA scans include checks for the Apache Struts 2 vulnerability. It will also be reported during manual penetration testing.