Apache Struts is a free and open-source framework for building Java web applications. This is not the first remote code execution vulnerability discovered in Apache Struts.
The Apache Struts 2 project released a security bulletin reporting a remote code execution vulnerability in the Jakarta Multipart parser, tracked as CVE-2017-5638.
An attacker triggers it with a crafted file-upload request. The Jakarta parser copies the attacker-controlled header value into its error message, and Struts evaluates that message as an OGNL expression, so any OGNL placed in the header runs on the server. The original report concerns a malformed Content-Type header; a second variant of the same CVE puts the expression in the Content-Disposition filename of an upload whose Content-Length exceeds the configured maximum upload size.
The vulnerability is exploitable whenever a vulnerable server handles the upload request with the Jakarta-based multipart module, which is the default parser in Struts 2.
Proof of Concept (PoC): Security researchers also observed in-the-wild attacks that turn off the firewall on the target servers and then drop malicious payloads, for example IRC bouncers and DDoS bots.
Exploit: According to Imperva, because the attack depends on manipulating the Content-Type header, their “Unauthorized Request Content Type” rule was able to detect and block it even before the vulnerability was made public.
A proof of concept that demonstrates the attack is publicly available. The attacks Imperva observed originated from 1,323 IP addresses across 40 countries.
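The following is an added example, not code from the article, from Imperva or from the Struts project: a small request classifier in the spirit of the “Unauthorized Request Content Type” rule described above. It rejects a Content-Type that is not a well-formed media type or that carries OGNL expression markers, and it also walks the multipart body to catch the Content-Disposition filename variant. Function names and the three sample requests are this example's own constructions; the OGNL fragments in them are minimal placeholders, not a working exploit.

```python
"""Header-based detection of CVE-2017-5638-style OGNL injection (added example)."""
import re
from typing import Dict, List, Tuple

# Deliberately stricter than RFC 7231 token syntax: type/subtype plus
# optional ";name=value" parameters. Anything else is treated as malformed.
MEDIA_TYPE_RE = re.compile(
    r"^[A-Za-z0-9._+-]+/[A-Za-z0-9._+-]+"
    r"(\s*;\s*[A-Za-z0-9_.-]+=(\"[^\"]*\"|[^;\s]*))*\s*$"
)
# Markers that open an OGNL expression in Struts text evaluation; the
# "#name" form catches variable references such as #_memberAccess.
OGNL_MARKER_RE = re.compile(r"%\{|\$\{|#[A-Za-z_]")


def parse_header_block(block: str) -> Dict[str, str]:
    """Parse 'Name: value' lines into a dict keyed by lower-cased name."""
    headers: Dict[str, str] = {}
    for line in block.split("\r\n"):
        if ":" not in line:
            continue
        name, _, value = line.partition(":")
        headers[name.strip().lower()] = value.strip()
    return headers


def split_request(raw: str) -> Tuple[Dict[str, str], str]:
    """Split a raw HTTP request into (request headers, body), dropping the request line."""
    head, _, body = raw.partition("\r\n\r\n")
    _request_line, _, header_block = head.partition("\r\n")
    return parse_header_block(header_block), body


def multipart_part_headers(body: str, content_type: str) -> List[Dict[str, str]]:
    """Return the header dict of every part of a multipart body ([] if not multipart)."""
    m = re.search(r'boundary=("?)([^";\s]+)\1', content_type, re.IGNORECASE)
    if not m:
        return []
    parts: List[Dict[str, str]] = []
    for chunk in body.split("--" + m.group(2))[1:]:
        if chunk.startswith("--"):            # closing delimiter "--boundary--"
            break
        part_head = chunk.lstrip("\r\n").partition("\r\n\r\n")[0]
        parts.append(parse_header_block(part_head))
    return parts


def classify(raw: str) -> Tuple[bool, str]:
    """Return (blocked, reason); reason is '' when nothing suspicious was found."""
    headers, body = split_request(raw)
    ctype = headers.get("content-type", "")
    if ctype:
        if OGNL_MARKER_RE.search(ctype):
            return True, "ognl-in-content-type"          # Content-Type vector
        if not MEDIA_TYPE_RE.match(ctype):
            return True, "malformed-content-type"
    for part in multipart_part_headers(body, ctype):
        if OGNL_MARKER_RE.search(part.get("content-disposition", "")):
            return True, "ognl-in-content-disposition"   # filename vector
    return False, ""


# Constructed sample requests (not captured traffic).
BENIGN_UPLOAD = (
    "POST /upload.action HTTP/1.1\r\nHost: example.test\r\n"
    "Content-Type: multipart/form-data; boundary=XYZ\r\nContent-Length: 120\r\n\r\n"
    '--XYZ\r\nContent-Disposition: form-data; name="upload"; filename="report.txt"\r\n'
    "Content-Type: text/plain\r\n\r\nhello\r\n--XYZ--\r\n"
)
CONTENT_TYPE_VECTOR = (
    "POST /upload.action HTTP/1.1\r\nHost: example.test\r\n"
    "Content-Type: %{(#_='multipart/form-data').(#probe=1)}\r\nContent-Length: 0\r\n\r\n"
)
FILENAME_VECTOR = (
    "POST /upload.action HTTP/1.1\r\nHost: example.test\r\n"
    "Content-Type: multipart/form-data; boundary=XYZ\r\n"
    "Content-Length: 10000000\r\n\r\n"   # larger than the default struts.multipart.maxSize
    '--XYZ\r\nContent-Disposition: form-data; name="upload"; filename="%{(#probe=1)}"\r\n'
    "Content-Type: text/plain\r\n\r\nx\r\n--XYZ--\r\n"
)

if __name__ == "__main__":
    for label, req in [("benign", BENIGN_UPLOAD), ("content-type", CONTENT_TYPE_VECTOR),
                       ("filename", FILENAME_VECTOR)]:
        print(label, classify(req))
```

A rule like this is a stopgap at the edge, not a fix: a parser that evaluates its own error messages has to be patched, so the durable remedy is upgrading to a Struts release that closes CVE-2017-5638 (2.3.32 or 2.5.10.1 and later). Note also that the `#name` marker check will produce false positives on the rare benign header that contains `#` followed by a letter; tune it to your traffic before blocking in production.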