Apache Struts is a free and open-source framework for building Java web applications. This is not the first remote code execution vulnerability discovered in Apache Struts.
The Apache Struts 2 project released a security bulletin stating that the Jakarta Multipart parser plug-in contains a remote code execution vulnerability, tracked as CVE-2017-5638.
An attacker triggers it by sending a crafted file-upload request to a vulnerable server that uses the Jakarta-based multipart handler. The primary vector is a malformed Content-Type header carrying an OGNL expression: the multipart parser rejects the header, the header value is echoed into the resulting error message, and Struts evaluates that message as an OGNL expression, so the attacker's code runs on the server. A variant of the same vulnerability places the expression in a multipart part's Content-Disposition value and pairs it with a modified (oversized) Content-Length header.
Proof of Concept (PoC): Security researchers have also observed attacks that turn off the firewall on the targeted servers and then drop malicious payloads, for example IRC bouncers and DDoS bots.
Exploit: According to Imperva, the attack depends on manipulating the Content-Type header, so a rule that rejects unexpected content types (Imperva's “Unauthorized Request Content Type” rule) detected and blocked the attack even before the vulnerability was made public.
A proof of concept demonstrating the attack is publicly available. The attacks observed originated from 1,323 IP addresses across 40 different countries.
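As an added example, not code from the article, from Apache Struts or from Imperva's product, the following Python shows the kind of content-type check that the detection rule above describes. It applies two tests to the headers the Jakarta parser would see: a well-formed MIME header never contains an OGNL expression opener (`%{` or `${`), and any request that carries the substring `multipart/form-data` must actually parse as `multipart/form-data; boundary=...`, because anything else would be rejected by the parser and echoed into the error message that Struts evaluates. The sample requests are constructed, not captured traffic, and the OGNL strings in them are inert placeholders rather than working payloads; the header names, the `classify_request` function and the sample dictionary are assumptions of this example.

```python
import re
from typing import Dict, Tuple

# Strict grammar for the only Content-Type the multipart parser should ever accept.
# Boundary characters and the 1-70 length limit follow RFC 2046; quotes are optional,
# and further parameters (e.g. charset) may follow the boundary.
MULTIPART_RE = re.compile(
    r"^multipart/form-data\s*;\s*boundary=\"?[0-9A-Za-z'()+_,\-./:=? ]{1,70}\"?\s*(;.*)?$",
    re.IGNORECASE,
)

# Openers of an OGNL expression. A legitimate MIME type or disposition never contains them.
OGNL_MARKERS = ("%{", "${")

# Headers inspected: the request's Content-Type plus any multipart part headers the
# upstream parser has already extracted (Content-Disposition lives inside the body).
INSPECTED_HEADERS = ("content-type", "content-disposition")

# Constructed sample requests (hypothetical, not captured traffic).
SAMPLE_REQUESTS: Dict[str, Dict[str, str]] = {
    "benign_upload": {
        "Content-Type": "multipart/form-data; boundary=----WebKitFormBoundary7MA4YWxkTrZu0gW",
        "Content-Length": "1024",
    },
    "benign_json": {
        "Content-Type": "application/json",
    },
    # Content-Type vector: the expression embeds the string 'multipart/form-data' so that
    # Struts routes the request to the multipart parser, which then fails to parse it.
    "ognl_in_content_type": {
        "Content-Type": "%{(#_='multipart/form-data').(#placeholder='noop')}",
    },
    # Content-Disposition vector: a valid Content-Type, the expression in the part's
    # filename, and an oversized Content-Length.
    "ognl_in_disposition": {
        "Content-Type": "multipart/form-data; boundary=----x",
        "Content-Length": "10000000000",
        "Content-Disposition": 'form-data; name="upload"; filename="%{(#placeholder=\'noop\')}"',
    },
    # Carries the routing substring but is not a parseable multipart type: the parser would
    # throw and the header value would land in the error message.
    "malformed_multipart": {
        "Content-Type": "text/plain multipart/form-data",
    },
}


def classify_request(headers: Dict[str, str]) -> Tuple[str, str]:
    """Return ('allow' | 'block', reason) for one request's relevant headers."""
    lowered = {name.lower(): value for name, value in headers.items()}

    # Check 1: reject any OGNL expression opener in the inspected headers.
    for name in INSPECTED_HEADERS:
        value = lowered.get(name, "")
        for marker in OGNL_MARKERS:
            if marker in value:
                return "block", f"OGNL marker {marker!r} in {name}"

    # Check 2: anything that would reach the multipart parser must be well-formed
    # multipart/form-data with a boundary; otherwise the parser raises on it.
    content_type = lowered.get("content-type", "")
    if "multipart/form-data" in content_type.lower() and not MULTIPART_RE.match(content_type):
        return "block", "malformed multipart/form-data Content-Type"

    return "allow", "ok"


def audit_samples() -> Dict[str, str]:
    """Verdict for every constructed sample, keyed by sample name."""
    return {name: classify_request(hdrs)[0] for name, hdrs in SAMPLE_REQUESTS.items()}


if __name__ == "__main__":
    for name, hdrs in SAMPLE_REQUESTS.items():
        verdict, reason = classify_request(hdrs)
        print(f"{name:24s} {verdict:5s} {reason}")
```

The second check is what makes the rule useful beyond a signature on `%{`: it blocks any request that would make the parser throw with attacker-controlled text in the error message, whichever syntax the attacker uses to get there, while ordinary uploads with a conventional boundary pass untouched.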