• Three Articles about New Apache Struts 2 Vulnerability



    Patch Available for New Struts 2 Vulnerability CVE-2017-5638
    https://dzone.com/articles/patch-available-for-new-struts-2-vulnerability-cve

    The newly discovered flaw in the Struts 2 framework has existed for more than four years. Read on to find out more about the patch.

    by Tom Smith · Mar. 18, 17 · Security Zone

    Canadian agency breached as hackers exploit CVE-2017-5638 flaw in Apache Struts 2
    http://securityaffairs.co/wordpress/57130/hacking/cra-apache-struts-hack.html

    March 14, 2017 By Pierluigi Paganini

    Canada Revenue Agency confirmed it shut down its website for filing federal taxes due to a cyber attack leveraging the CVE-2017-5638 flaw in Apache Struts 2

    WEDNESDAY, MARCH 8, 2017

    Content-Type: Malicious – New Apache Struts2 0-day Under Attack
    http://blog.talosintelligence.com/2017/03/apache-0-day-exploited.html

    This post is authored by Nick Biasini

    UPDATE: It was recently disclosed that in addition to Content-Type being vulnerable, both Content-Disposition and Content-Length can be manipulated to trigger this particular vulnerability. No new CVE was listed, however details of the vulnerability and remediation are available in this security advisory.

    Talos has observed a new Apache vulnerability that is being actively exploited in the wild. The vulnerability (CVE-2017-5638) is a remote code execution bug that affects the Jakarta Multipart parser in Apache Struts, referenced in this security advisory. Talos began investigating for exploitation attempts and found a high number of exploitation events. The majority of the exploitation attempts seem to be leveraging a publicly released PoC that is being used to run various commands. Talos has observed simple commands (i.e. whoami) as well as more sophisticated commands including pulling down a malicious ELF executable and execution.

    With exploitation actively underway Talos recommends immediate upgrading if possible or following the work around referenced in the above security advisory.

    --------------------------------------

    1. Tower Totals: 2xSSD ~512GB, 2xHHD 20 TB, Memory 32GB

    SSDs: 6xOS Partitions, 2xW8.1 Main & Test, 2x10.0 Test, Pro, x64

    CPU i7 2600 K, SandyBridge/CougarPoint, 4 cores, 8 Threads, 3.4 GHz
    Graphics Radeon RX 580, RX 580 ONLY Over Clocked
    More perishable

    2xMonitors Asus DVI, Sony 55" UHD TV HDMI

    1. NUC 5i7 2cores, 4 Thread, Memory 8GB, 3.1 GHz, M2SSD 140GB
    1xOS W8.1 Pro, NAS Dependent, Same Sony above.

    -----------------
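A defensive check for the three request headers named in the Talos update above, added here as an example; it is not code from the post or from any of the linked articles. It assumes that exploit attempts carry an expression-language opener (`%{` or `${`) in the header value, which the post itself does not state, and all sample requests are constructed.

```python
import re

# Headers the Talos update names as able to trigger CVE-2017-5638.
WATCHED = ("content-type", "content-disposition", "content-length")

# RFC 7230 "token" characters, used to build a strict media-type pattern.
TOKEN = r"[!#$%&'*+.^_`|~0-9A-Za-z-]+"
PARAM = r"\s*;\s*" + TOKEN + r"=(?:" + TOKEN + r'|"[^"\\]*")'
MEDIA_TYPE = re.compile(r"^" + TOKEN + "/" + TOKEN + "(?:" + PARAM + r")*\s*$")

# Assumption of this example: an expression opener never belongs in these headers.
EXPR_MARKER = re.compile(r"[%$]\{")


def check_headers(headers):
    """Return (header, reason) findings for one request's header mapping."""
    findings = []
    for name, value in headers.items():
        key = name.lower()
        if key not in WATCHED:
            continue
        if EXPR_MARKER.search(value):
            findings.append((key, "expression marker"))
        elif key == "content-length" and not re.fullmatch(r"[0-9]+", value.strip()):
            findings.append((key, "not a decimal integer"))
        elif key == "content-type" and not MEDIA_TYPE.match(value):
            findings.append((key, "not a valid media type"))
    return findings


# Constructed sample requests; the expressions are inert placeholders.
SAMPLE_REQUESTS = [
    {"Content-Type": "multipart/form-data; boundary=----abc123",
     "Content-Length": "348"},
    {"Content-Type": "%{PLACEHOLDER_EXPRESSION}.multipart/form-data",
     "Content-Length": "0"},
    {"Content-Type": "multipart/form-data; boundary=x",
     "Content-Disposition": 'form-data; name="f"; filename="${PLACEHOLDER}"',
     "Content-Length": "10x"},
]

if __name__ == "__main__":
    for number, request in enumerate(SAMPLE_REQUESTS, start=1):
        print(number, check_headers(request) or "clean")
```

A check like this is only a stopgap for log review or a reverse proxy; the Talos excerpt's recommendation to upgrade or apply the advisory's workaround is the actual fix.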
