
    Apache Struts Vulnerability Under Attack

    By Sean Michael Kerner - March 10, 2017

      The open-source Apache Struts 2 technology is a widely used framework component in Java applications, and it’s currently under attack. The attacks follow the March 6 disclosure by the Struts project of a Remote Code Execution (RCE) vulnerability identified as CVE-2017-5638.

      The CVE-2017-5638 issue was patched the same day the Struts project made the disclosure, though multiple security firms have observed that attackers are actively going after unpatched systems.

      “It is possible to perform a RCE attack with a malicious Content-Type value,” the Apache Struts project warns in its advisory. “If the Content-Type value isn’t valid, an exception is thrown which is then used to display an error message to a user.”

      John Matthew Holt, Waratek Founder and CTO, commented in an email statement that the Struts vulnerability is critical because the attack can be achieved without authentication. To make matters worse, a malicious file doesn’t necessarily need to be successfully uploaded to exploit this vulnerability, as just the presence of the vulnerable Struts library within an application is enough to exploit the vulnerability.

      “For users who have made custom changes on Struts source code, it could take days or weeks to upgrade,” Holt stated.
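
The advisory ties the flaw to a Content-Type value that isn't valid, so while an upgrade is pending one useful check is to review request logs for Content-Type headers that fail the HTTP media-type grammar. The following is an added example, not code from the Struts project, Waratek or Rapid7; the tab-separated log format, the sample lines and the expression-marker heuristic are assumptions made for illustration.

```python
"""Flag requests whose Content-Type is not a valid media type (assumed log format)."""
import re

# RFC 7230 "token": characters allowed in a type, subtype or parameter name.
TOKEN = r"[!#$%&'*+.^_`|~0-9A-Za-z-]+"
QUOTED = r'"(?:[^"\\]|\\.)*"'
MEDIA_TYPE = re.compile(
    rf"{TOKEN}/{TOKEN}(?:[ \t]*;[ \t]*{TOKEN}=(?:{TOKEN}|{QUOTED}))*[ \t]*"
)
# Heuristic (assumption): expression-language openers have no place in a
# Content-Type, even inside a quoted parameter the grammar would accept.
EXPR_MARKER = re.compile(r"[%$#]\{")

def classify(content_type):
    """Return None for an acceptable header value, else a short reason."""
    if content_type in ("", "-"):
        return None  # header absent in this log format
    if EXPR_MARKER.search(content_type):
        return "expression-marker"
    if not MEDIA_TYPE.fullmatch(content_type):
        return "invalid-media-type"
    if len(content_type) > 256:
        return "oversized"
    return None

def scan(lines):
    """Yield (source, path, reason) for each suspicious log line."""
    for line in lines:
        fields = line.rstrip("\n").split("\t")
        if len(fields) != 4:
            continue  # not in the assumed 4-field format
        source, _method, path, content_type = fields
        reason = classify(content_type)
        if reason:
            yield source, path, reason

# Constructed sample lines: source, method, path, Content-Type (tab-separated).
SAMPLE = [
    "192.0.2.10\tPOST\t/upload.action\tmultipart/form-data; boundary=----abc123",
    "198.51.100.7\tGET\t/index.action\t%{1+1}.multipart/form-data",
    "198.51.100.7\tPOST\t/login.action\tmultipart/form-data; boundary=\"${x}\"",
    "203.0.113.5\tPOST\t/api\tapplication/json; charset=utf-8",
    "203.0.113.9\tGET\t/\ttext/html (broken",
    "192.0.2.44\tGET\t/health\t-",
]

if __name__ == "__main__":
    for hit in scan(SAMPLE):
        print(*hit, sep="\t")
```

The third sample line passes the media-type grammar because the marker sits inside a quoted parameter, which is why the marker check runs before the grammar check.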

      Rapid7 is among the security vendors that are actively tracking the Struts vulnerability as well as enabling organizations to test whether they are at risk. Rapid7 is the lead commercial sponsor behind the open-source Metasploit penetration testing framework. There is now an in-development module for Metasploit that enables researchers to test the Struts issue.

      “Pen testers can download the current version of the code from GitHub but the module still needs some adjustments and quality control review before being added to the official project codebase,” Tom Sellers, Threat Analysis & Security Researcher at Rapid7, told eWEEK.

      In addition to Metasploit, Rapid7 has operated the Heisenberg Cloud since November 2016, providing a cloud honeypot network on Amazon Web Services, Microsoft Azure, Digital Ocean, Rackspace, Google Cloud Platform and IBM SoftLayer to see what kind of attacks are occurring.

      “The Heisenberg Cloud honeypots are passive listeners so their contribution will be data on how widespread and frequent the attacks are,” Sellers explained.

      As it turns out, the Heisenberg Cloud started seeing malicious requests related to the Apache Struts vulnerability on Tuesday, March 7. The attack probes spiked on Wednesday, March 8, nearly two days after the Struts project released its patch and security advisory for CVE-2017-5638. Though there has been attack traffic, it hasn’t been a growing trend.

      “We’ve actually seen a drop off in related traffic since Wednesday March 8th,” Sellers said. “This may be a temporary lull as attackers figure out how to best leverage the vulnerability or are waiting for attention to move elsewhere.”

      From an attack payload perspective, Sellers noted that to date, Rapid7 has not seen the CVE-2017-5638 issue used as a vector to install ransomware.

      “The malware that we have seen to date has been DDoS related,” Sellers said.

      Given that Struts is infrastructure software that is embedded in running systems, it’s not always an easy task for organizations to patch. In fact, Sellers expects that attackers will be making use of the CVE-2017-5638 Struts vulnerability for quite some time.

      “We still see attacks using MS08-067 (Conficker) against Heisenberg Cloud honeypots a decade after its public disclosure and patch by Microsoft,” Sellers said.

      Sean Michael Kerner is a senior editor at eWEEK and InternetNews.com. Follow him on Twitter @TechJournalist.

      Sean Michael Kerner
      Sean Michael Kerner is an Internet consultant, strategist, and contributor to several leading IT business web sites.