Attacks Heating Up Against Apache Struts 2 Vulnerability

Discussion in '0-day Release' started by RGiskardR, Mar 10, 2017.

  1. RGiskardR

    RGiskardR Malware Tester Silver Member

    Public attacks and scans looking for exposed Apache webservers have ramped up dramatically since Monday when a vulnerability in the Struts 2 web application framework was patched and proof-of-concept exploit code was introduced into Metasploit.

    The vulnerability, CVE-2017-5638, was already under attack in the wild prior to Monday’s disclosure, but since then, the situation has worsened and experts fear it’s going to linger for a while.

    Full source: https://threatpost.com/attacks-heating-up-against-apache-struts-2-vulnerability/124183/
     
    Der.Reisende, wwd and Trim like this.
  3. Trim

    Trim MTAC Moderator Staff Member

    That is surely a very dangerous attack for an Apache server, because the malcoder injects the malicious code in the Content-Type of the HTTP packets.
    It seems the vendor removed the call to a class called "LocalizedTextUtil" from the .java file that manages the uploading of the files on the servers.

    More info here: http://blog.trendmicro.com/trendlab...e-struts-vulnerability-remote-code-execution/

    An interesting read. Keep in mind that malcoders often also use exploits to spread ransomware (such as Petya, Tesla, Petya Goldeneye, etc.), and they manage to do that because of vulnerabilities; for example, a hacker could inject malicious JavaScript code into a web page, which acts as the downloader of a ransomware.
    So, it is always important to have a strong security configuration with all layers well covered to prevent this type of infection; UAC and SmartScreen are always fundamental for better security.
     
    RGiskardR likes this.
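
Added example, not part of the thread or of the linked articles: a defender's triage check for the Content-Type injection described in the post above. It flags header values that carry OGNL expression openers (`%{` or `${`) or that do not parse as a media type. The tab-separated log layout, the sample lines and the function names are assumptions constructed for illustration.

```python
import re

# OGNL expression openers ("%{" or "${") do not normally occur in a media type.
OGNL_MARKER = re.compile(r"[%$]\{")
# RFC 7230 token characters; braces and parentheses are not among them.
TCHAR = r"[!#$%&'*+.^_`|~0-9A-Za-z-]"
MEDIA_TYPE = re.compile(rf"^{TCHAR}+/{TCHAR}+$")
PARAM = re.compile(rf'^{TCHAR}+=(?:{TCHAR}+|"[^"\\]*")$')


def classify_content_type(value):
    """Return 'ok', 'malformed' or 'ognl-marker' for one Content-Type value."""
    value = value.strip()
    if value in ("", "-"):          # header absent (logged as "-")
        return "ok"
    if OGNL_MARKER.search(value):   # checked first: strongest signal
        return "ognl-marker"
    # Simplification: a quoted parameter containing ';' is reported as malformed.
    parts = [p.strip() for p in value.split(";")]
    if not MEDIA_TYPE.match(parts[0]):
        return "malformed"
    if any(p and not PARAM.match(p) for p in parts[1:]):
        return "malformed"
    return "ok"


# Constructed sample (assumed layout): client <TAB> request line <TAB> Content-Type,
# as a custom access-log format that records the request header could produce.
SAMPLE_LOG = "\n".join([
    "192.0.2.10\tPOST /upload.action HTTP/1.1\tmultipart/form-data; boundary=----abc123",
    "198.51.100.7\tGET /index.action HTTP/1.1\t%{1+1}.multipart/form-data",
    "192.0.2.11\tPOST /api HTTP/1.1\tapplication/json; charset=utf-8",
    "203.0.113.5\tPOST /login.action HTTP/1.1\tmultipart/form-data; x=${1+1}",
    "192.0.2.12\tPOST /form HTTP/1.1\ttext/plain charset",
])


def scan(log_text):
    """Return (client, verdict) for every log line whose Content-Type is not 'ok'."""
    hits = []
    for line in log_text.splitlines():
        client, _request, ctype = line.split("\t", 2)
        verdict = classify_content_type(ctype)
        if verdict != "ok":
            hits.append((client, verdict))
    return hits


if __name__ == "__main__":
    for client, verdict in scan(SAMPLE_LOG):
        print(client, verdict)
```

A hit is only a lead for review; the fix for CVE-2017-5638 remains upgrading to the patched Struts 2 release.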