Apache Struts is a free and open-source framework used to build Java web applications. This is not the first remote code execution vulnerability discovered in Apache Struts.
The Apache Struts2 project released a security bulletin stating that the Apache Struts2 Jakarta Multipart parser plug-in contains a remote code execution vulnerability, tracked as CVE-2017-5638.
An attacker could use the plugin to upload a file by modifying the value of the Content-Length header and adding malicious code to the Content-Disposition value, causing remote code execution.
This specific vulnerability can be exploited if the attacker sends a crafted request to transfer a file to a vulnerable server that uses a Jakarta-based module to handle the request.
Proof of Concept (PoC):
Security experts also observed that malicious attacks turn off the firewall on the targeted servers and then drop malicious payloads, for example IRC bouncers and DDoS bots.
Exploit:
According to Imperva Security, this attack depends on manipulating the Content-Type header, so it could be detected and blocked even before it was made public by using the "Unauthorized Request Content Type" rule.
A proof of concept demonstrating the attack scenario is publicly available. The attacks originated from 1,323 IP addresses across 40 distinct countries.
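As an added example (not code from the original article or from Imperva), the following Python check applies the idea behind an "Unauthorized Request Content Type" rule: a request is allowed only if its Content-Type value parses as a syntactically valid media type, and expression-language markers are reported explicitly. The sample requests, header values and function names are constructed for illustration.

```python
import re
from typing import Dict, List, Tuple

# Simplified RFC 7231 media-type grammar: type "/" subtype *( OWS ";" OWS parameter )
_TOKEN = r"[!#$%&'*+\-.^_`|~0-9A-Za-z]+"
_QUOTED = r'"(?:[^"\\]|\\.)*"'
_PARAM = rf"{_TOKEN}=(?:{_TOKEN}|{_QUOTED})"
_MEDIA_TYPE = re.compile(rf"^{_TOKEN}/{_TOKEN}(?:\s*;\s*{_PARAM})*\s*$")

# Markers that never belong in a media type but are typical of expression-language injection.
_EXPR_MARKERS = ("%{", "${")


def classify_content_type(value: str) -> Tuple[bool, str]:
    """Return (allowed, reason): block anything that is not a valid media type."""
    if any(marker in value for marker in _EXPR_MARKERS):
        return False, "expression-language marker in Content-Type"
    if not _MEDIA_TYPE.match(value):
        return False, "Content-Type is not a syntactically valid media type"
    return True, "ok"


def scan_requests(raw_requests: List[str]) -> List[Dict[str, object]]:
    """Apply the rule to raw HTTP request header blocks; one verdict per request."""
    verdicts = []
    for raw in raw_requests:
        content_type = None
        for line in raw.splitlines():
            name, _, val = line.partition(":")
            if name.strip().lower() == "content-type":
                content_type = val.strip()
        if content_type is None:
            verdicts.append({"allowed": True, "reason": "no Content-Type header"})
            continue
        allowed, reason = classify_content_type(content_type)
        verdicts.append({"allowed": allowed, "reason": reason, "content_type": content_type})
    return verdicts


# Constructed sample requests (not captured traffic): one benign upload, one with an
# expression marker in Content-Type, one with a value that is not a valid media type.
SAMPLE_REQUESTS = [
    "POST /upload.action HTTP/1.1\r\nHost: example.invalid\r\n"
    "Content-Type: multipart/form-data; boundary=----abc123\r\nContent-Length: 512",
    "POST /upload.action HTTP/1.1\r\nHost: example.invalid\r\n"
    "Content-Type: %{constructed_expression_marker}\r\nContent-Length: 512",
    "POST /upload.action HTTP/1.1\r\nHost: example.invalid\r\n"
    "Content-Type: multipart/form-data; boundary=abc {junk}\r\nContent-Length: 512",
]

if __name__ == "__main__":
    for verdict in scan_requests(SAMPLE_REQUESTS):
        print(verdict)
```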
Vulnerable Versions and Mitigation