Friday, September 8, 2017

(Advisory) Patch your Apache Struts

Researchers recently disclosed a critical and easily exploitable vulnerability in the Apache Struts 2 framework. Exploitation leads to remote code execution and complete control of the host through the web server. Because the affected code is reached over plain HTTP(S), the attack traffic arrives on port 80/443, which firewalls almost always allow through, so exposed instances can be exploited with a single unauthenticated request.

Here is the original announcement from the research group that found it -
https://lgtm.com/blog/apache_struts_CVE-2017-9805_announcement

Here is the CVE entry –
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-9805

Technically, the vulnerability is in the Struts REST plugin, which uses XStreamHandler to deserialize XML request bodies with the XStream library. XStream instantiates whatever classes the XML names, so unless the application restricts the allowed types before deserialization, an attacker can send a serialized object graph that executes code when it is unmarshalled. The plugin performed no such filtering on untrusted input, and that missing whitelist is the exploitable opening.

Fix your Struts (CVE-2017-9805, Apache advisory S2-052) by upgrading to 2.5.13 or 2.3.34. Affected versions are 2.1.2 through 2.3.33 and 2.5 through 2.5.12. The REST plugin ships with Struts, so upgrade the struts2-rest-plugin jar together with struts2-core rather than only the core jar. If your application does not use the REST plugin, remove it entirely; if it does but never needs XML, the S2-052 advisory's workaround of limiting the plugin to xhtml and JSON via the struts.action.extension constant reduces exposure until you can upgrade.
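To make the deserialization point above concrete, here is an added illustration written for this note; it is not code from the Struts project or from the lgtm write-up. It assumes XStream 1.4.x on the classpath and a hypothetical Order DTO as the only type the endpoint is meant to accept. The first XStream instance mirrors the unfiltered pattern (any class the XML names gets instantiated); the second applies the deny-all-then-whitelist pattern that the fixed Struts releases adopt in XStreamHandler. A benign java.util.HashMap stands in for the attacker's gadget so the example demonstrates the control, not an exploit. Note that XStream 1.4.18 and later whitelist by default, so on those versions the permissive instance would refuse the unexpected class as well.

```java
import com.thoughtworks.xstream.XStream;
import com.thoughtworks.xstream.security.ForbiddenClassException;
import com.thoughtworks.xstream.security.NoTypePermission;
import com.thoughtworks.xstream.security.NullPermission;
import com.thoughtworks.xstream.security.PrimitiveTypePermission;

public class XStreamHardening {

    // Hypothetical DTO: the only payload type the REST endpoint should accept.
    public static class Order {
        public String id;
        public int quantity;
    }

    // Unfiltered pattern (XStream < 1.4.18): default permissions let the XML
    // name any class on the classpath, which is what made CVE-2017-9805 exploitable.
    static XStream permissiveXStream() {
        XStream xs = new XStream();
        xs.alias("order", Order.class);
        return xs;
    }

    // Hardened pattern: drop every default permission, then allow only what the
    // endpoint needs (the DTO, its String field, primitives, and null).
    static XStream hardenedXStream() {
        XStream xs = new XStream();
        xs.addPermission(NoTypePermission.NONE);            // deny everything first
        xs.addPermission(NullPermission.NULL);              // allow <null/>
        xs.addPermission(PrimitiveTypePermission.PRIMITIVES); // allow int etc.
        xs.allowTypes(new Class[]{Order.class, String.class}); // explicit whitelist
        xs.alias("order", Order.class);
        return xs;
    }

    public static void main(String[] args) {
        // Constructed inputs: the expected payload, and XML naming a class the
        // endpoint never asked for (HashMap is harmless; a real payload is not).
        String expected = "<order><id>A-1</id><quantity>2</quantity></order>";
        String unexpected = "<java.util.HashMap/>";

        Object obj = permissiveXStream().fromXML(unexpected);
        System.out.println("permissive: instantiated " + obj.getClass().getName());

        XStream safe = hardenedXStream();
        Order o = (Order) safe.fromXML(expected);
        System.out.println("hardened: accepted order " + o.id + " x" + o.quantity);
        try {
            safe.fromXML(unexpected);
            System.out.println("hardened: unexpected class was NOT rejected");
        } catch (ForbiddenClassException e) {
            System.out.println("hardened: rejected " + e.getMessage());
        }
    }
}
```

Compile and run it with the XStream jar on the classpath. The permissive instance happily builds a HashMap from attacker-shaped XML, while the hardened one throws ForbiddenClassException for anything outside the whitelist and still deserializes the legitimate Order. The whitelist is the control that was missing from the plugin; upgrading Struts is still the fix, since the patched plugin applies it for you.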