Home » Security News » New Apache Struts Zero-day vulnerability is being ...

New Apache Struts Zero-day vulnerability is being exploited to compromise corporate web servers

Deepanker Verma March 10, 2017 Security

Add Techlomedia as a preferred source on Google.

Security researchers have discovered that a known Zero-day vulnerability in Apache Struts web application framework is being actively exploited by hackers.

Security researchers from Cisco’s Threat intelligence firm Talos observed a number of active attacks exploiting this Zero-day vulnerability on servers using Apache Struts 2. They also recommended the instant upgrade to safer versions that were already released by Apache.

Apache Struts is a free open-source, Model-View-Controller (MVC) framework for creating elegant, modern Java web applications. It is widely used to build corporate websites in various sectors.

Apache fixed this vulnerability on Monday and an exploit for the flaw appeared on a Chinese website few hours after the bug was officially fixed. Apache has released certain versions of Apache Struts (2.3.32 / 2.5.10.1 or later) that are not vulnerable. So, you must consider upgrading to those versions to avoid any issue.

This is basically a remote code execution vulnerability in Jakarta Multipart parser that allows an attacker to execute malicious commands on the server when uploading files based on the parser. The worst thing is that the presence of this web server component is enough to allow exploitation. It doesn’t need to implement the f file upload functionality using the Jakarta Multipart parser to become vulnerable.

If you are using this parser under Apache Struts 2, you must upgrade to safer versions.

The public proof-of-concept (PoC) exploit code is available. So, anyone can try to exploit this vulnerability with available code. Researchers found that the majority of attacks are using the publicly released PoC to run the malicious commands.

Researchers also posted the screenshot showing how users are running a simple to malicious commands. See the snapshot below.

Attackers also tried to gain persistence on infected hosts by adding a binary to the boot-up routine.

This is a serious vulnerability and you must consider upgrading your Apache Struts if you are using the vulnerable versions. Users who cannot immediately upgrade to the patched versions can try to use available workarounds. They can create a Servlet filter for Content-Type to discard any request not matching multipart/form-data. Web application firewall rules are also available from various vendors to block such requests.

Source

Follow Techlomedia on Google News to stay updated.

Affiliate Disclosure:

This article may contain affiliate links. We may earn a commission on purchases made through these links at no extra cost to you.

About the Author: Deepanker Verma

Deepanker Verma is the Founder and Editor-in-Chief of TechloMedia. He holds Engineering degree in Computer Science and has over 15 years of experience in the technology sector. Deepanker bridges the gap between complex engineering and consumer electronics. He is also a a known Security Researcher acknowledged by global giants including Apple, Microsoft, and eBay. He uses his technical background to rigorously test gadgets, focusing on performance, security, and long-term value.