
VULNERABILITY – New critical vulnerability impacting Apache Struts

A new Apache Struts remote code execution vulnerability, tracked as CVE-2018-11776, was recently discovered by security researchers. The root cause of the flaw was identified as a lack of input validation on the URL passed to the Struts framework, and it affects all versions of Struts 2.

The criticality of CVE-2018-11776 lies in how deep in the framework it sits: it affects Struts code that runs not in a single functional area but across all libraries used by the web application framework. Following the discovery, the Apache Software Foundation released a patch and urged all users of Struts 2.3 and Struts 2.5 to upgrade to the latest versions. Shortly after the patch was released on August 22nd, a proof-of-concept was posted on GitHub in the form of a Python script that eases exploitation.

Proficio Threat Intelligence Recommendations:

  • Users of Apache Struts are urged to update their Struts framework to its latest version. More technical details and guidelines are given in the advisory released by the Apache Software Foundation.


Vulnerability: Apache – CVE-2017-5638 – Apache Struts Jakarta Parser

In March of 2017, attackers began exploiting a bug in the Apache Struts Jakarta Multipart parser. Exploitation allowed attackers to execute arbitrary commands on HTTP servers by sending specially crafted HTTP requests. This vulnerability has recently drawn renewed attention because a newly named campaign (Zealot) uses it to compromise a web server and gain a foothold on the network, then uses the EternalBlue and EternalSynergy exploits to move laterally.

Campaign using vulnerability to gain foothold via web servers – https://f5.com/labs/articles/threat-intelligence/cyber-security/zealot-new-apache-struts-campaign-uses-eternalblue-and-eternalsynergy-to-mine-monero-on-internal-networks?sf176487178=1

NVD Reference – https://nvd.nist.gov/vuln/detail/CVE-2017-5638#vulnDescriptionTitle

Proficio Threat Intelligence Recommendations:

  • Upgrade to Struts 2.3.32 or Struts 2.5.10.1 on any system running Apache Struts within the organization
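The following triage helper is an added example written for this page (it is not Proficio's or Apache's code). It checks a Struts version string against the fixed releases named above for CVE-2017-5638, and flags the OGNL expression openers (`%{` / `${`) that the URL-based CVE-2018-11776 attacks and the Content-Type-based CVE-2017-5638 attacks both depend on. The request records, their header layout, and the finding labels are constructed assumptions for the demonstration.

```python
import re
from urllib.parse import unquote

# Fixed releases named in the recommendation above for CVE-2017-5638, per branch.
FIXED_VERSIONS = {"2.3": (2, 3, 32), "2.5": (2, 5, 10, 1)}

# OGNL expression openers. Inputs are URL-decoded before matching so that the
# percent-encoded forms of '%{' and '${' are caught as well.
OGNL_MARKER = re.compile(r"[%$]\{")


def parse_version(version: str) -> tuple:
    """Turn a dotted Struts version such as '2.5.10.1' into a comparable tuple."""
    return tuple(int(part) for part in version.strip().split("."))


def struts_version_is_patched(version: str) -> bool:
    """True if the Struts 2 version is at or above the fixed release for its branch."""
    parts = parse_version(version)
    fixed = FIXED_VERSIONS.get(f"{parts[0]}.{parts[1]}")
    if fixed is None:
        return False  # unknown or older branch: treat as unpatched for triage
    return parts >= fixed  # tuple comparison makes 2.5.10 < 2.5.10.1 < 2.5.11


def flag_request(path: str, headers: dict) -> list:
    """Return indicator labels found in one request record (constructed, not a real log)."""
    findings = []
    lowered = {name.lower(): value for name, value in headers.items()}
    # CVE-2018-11776: OGNL placed in the namespace/URL portion of the request.
    if OGNL_MARKER.search(unquote(path)):
        findings.append("ognl-in-url")
    # CVE-2017-5638: OGNL placed in the multipart Content-Type header.
    if OGNL_MARKER.search(unquote(lowered.get("content-type", ""))):
        findings.append("ognl-in-content-type")
    return findings


# Constructed sample requests: one benign, one URL-based, one header-based.
SAMPLE_REQUESTS = [
    ("/showcase/index.action", {"Content-Type": "text/html"}),
    ("/%24%7B1%2B1%7D/actionChain1.action", {}),
    ("/upload.action", {"Content-Type": "%{1+1}"}),
]


def triage(requests=SAMPLE_REQUESTS) -> list:
    """Run flag_request over each record and pair the path with its findings."""
    return [(path, flag_request(path, headers)) for path, headers in requests]


if __name__ == "__main__":
    for path, findings in triage():
        print(path, findings or "clean")
```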