INFOWORLD TECH WATCH
Apache Struts bug is under attack, patch now
http://www.infoworld.com/article/3178656/security/apache-struts-bug-is-under-attack-patch-now.html#tk.twt_ifw
Flaw in how Content-Type headers are handled by the Jakarta Multipart parser in Apache Struts can result in an attacker being able to remotely execute code on vulnerable systems
By Fahmida Y. Rashid | Senior Writer
Informed news analysis every weekday
InfoWorld | MAR 9, 2017
Credit: Thinkstock
Apache Software Foundation has patched a remote code execution vulnerability affecting the Jakarta Multipart parser in Apache Struts. Administrators need to update the popular Java application framework or put workarounds in place because the vulnerability is actively being targeted in attacks.
The issue affects Apache Struts versions 2.3.5 through 2.3.31 and versions 2.5 through 2.5.10. The presence of vulnerable code is enough to expose the system to attack—the web application doesn’t need to implement file upload for attackers to exploit the flaw, said researchers from Cisco Talos.
Talos “found a high number of exploitation events,” said Cisco threat researcher Nick Biasini. “With exploitation actively underway, Talos recommends immediate upgrading if possible or following the workaround referenced in the above security advisory.”
…………..
--------------------------------------
1. Tower Totals: 2xSSD ~512GB, 2xHHD 20 TB, Memory 32GB
SSDs: 6xOS Partitions, 2xW8.1 Main & Test, 2x10.0 Test, Pro, x64
CPU i7 2600 K, SandyBridge/CougarPoint, 4 cores, 8 Threads, 3.4 GHz
Graphics Radeon RX 580, RX 580 ONLY Over Clocked
More perishable
2xMonitors Asus DVI, Sony 55" UHD TV HDMI
1. NUC 5i7 2cores, 4 Thread, Memory 8GB, 3.1 GHz, M2SSD 140GB
1xOS W8.1 Pro, NAS Dependent, Same Sony above.
-----------------
