Monday, January 27, 2025
Follow us On Linkedin
HomeCVE/vulnerabilityNew Apache Struts Vulnerability Allows Attackers to Take Control Over Web Servers

New Apache Struts Vulnerability Allows Attackers to Take Control Over Web Servers

CVE/vulnerabilityWhat is

Published on

By Gurubaran
New Apache Struts Vulnerability Allows Attackers to Take Control Over Web Servers

Free Webinar DevSecOps Hacks

SIEM as a Service

Follow Us on Google News

Apache Struts is a free and open-source framework used to build Java web applications.This is not the first remote code execution vulnerability discovered on Apache Struts.

Security Expert from Man Yue Mo from lgtm found a remote code execution vulnerability in Apache Struts. This vulnerability has been assigned with Security Bulletin CVE-2017-9805

Experts found the vulnerability due to unsafe deserialization in Java.In the Last March also an RCE vulnerability reported by Nike Zheng with Struts 2.3.31 & 2.3.5.

Also Read :  ApacheStruts2 Remote Code Execution Vulnerability S2-046

What is Java Deserialization

Java deserialization weakness influences essentially all applications that acknowledge serialized Java objects and gives attackers an approach to increase a complete remote control of an application server.

The vulnerability enables aggressors to obtain total control over the server on which the application is facilitated and make a wide range of destruction.

The vulnerability enables aggressors to obtain total control over the server on which the application is facilitated and make a wide range of destruction.

As indicated by the researcher, the exploit is caused by the way Struts deserializes unsanitized client provided information.

An aggressor could transfer a malicious file and obtain control over an application subsequent to increasing remote code execution rights on the objective’s Struts-based application server.

An aggressor could transfer a malicious file and obtain control over an application subsequent to increasing remote code execution rights on the objective’s Struts-based application server.

Due to the severity of the vulnerability Man Yue he didn’t disclose more details about this vulnerability.He reported the Vulnerability to the vendor on 17 July 2017 and it has been fixed with Struts version 2.5.13 released yesterday.

This new version contains a fix for many security vulnerabilities.

  • CVE-2017-9793 – DoS attack is possible when using outdated XStream library with the Struts REST plugin
  • CVE-2017-9804 – Possible DoS attack when using URLValidator

Now the version has been published, Server administrators are strongly advised to update their Apache Struts as soon as possible.

Gurubaran
Gurubaran
Gurubaran is a co-founder of Cyber Security News and GBHackers On Security. He has 10+ years of experience as a Security Consultant, Editor, and Analyst in cybersecurity, technology, and communications.

Latest articles

cyber security

White House Considers Oracle-Led Takeover of TikTok with U.S. Investors

In a significant development, the Trump administration is reportedly formulating a plan to prevent...
cyber security

Critical Vulnerability in IBM Security Directory Enables Session Cookie Theft

IBM has announced the resolution of several security vulnerabilities affecting its IBM Security Directory...
Apache

Critical Apache Solr Vulnerability Grants Write Access to Attackers on Windows

A new security vulnerability has been uncovered in Apache Solr, affecting versions 6.6 through...
cyber security

GitHub Vulnerability Exposes User Credentials via Malicious Repositories

A cybersecurity researcher recently disclosed several critical vulnerabilities affecting Git-related projects, revealing how improper...

API Security Webinar

Free Webinar - DevSecOps Hacks

By embedding security into your CI/CD workflows, you can shift left, streamline your DevSecOps processes, and release secure applications faster—all while saving time and resources.

In this webinar, join Phani Deepak Akella ( VP of Marketing ) and Karthik Krishnamoorthy (CTO), Indusface as they explores best practices for integrating application security into your CI/CD workflows using tools like Jenkins and Jira.

Discussion points

Automate security scans as part of the CI/CD pipeline.
Get real-time, actionable insights into vulnerabilities.
Prioritize and track fixes directly in Jira, enhancing collaboration.
Reduce risks and costs by addressing vulnerabilities pre-production.

Register Now

More like this

Chrome

Chrome Security Update – Patch for 3 High-Severity Vulnerabilities

Google has released a critical update for the Chrome browser, addressing three high-severity security...
CVE/vulnerability

Apache Solr For Windows instances Vulnerability Allows Arbitrary Path Write-Access

A critical security vulnerability (CVE-2024-52012) affecting Apache Solr instances on Windows has been identified,...
CVE/vulnerability

GitLab Security Update – Patch for Multiple Vulnerabilities

GitLab, the widely adopted DevOps platform, has announced the immediate release of versions 17.8.1, 17.7.3,...

GBHackers on Security is a top cybersecurity news platform, delivering up-to-date coverage on breaches, emerging threats, malware, vulnerabilities, and global cyber incidents.

Company

Trending

Categories

Copyright @ 2016 - 2024 GBHackers On Security - All Rights Reserved