Researchers recently discovered a critical and easily exploitable vulnerability in the Apache Struts framework. Exploitation can lead to remote command execution and complete control of the machine through the web server. A web server listening on port 80/443 is typically not blocked by the firewall, so the flaw can be exploited with ease.
Here is the original note from the research group:
https://lgtm.com/blog/apache_struts_CVE-2017-9805_announcement
Here is the CVE entry:
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-9805
Technically speaking, the vulnerability was discovered in the REST plugin, which processes XML streams via XStreamHandler. Some filtering at the code layer is imperative before deserialization; a defect in, or the absence of, protection against these types of payload must have caused this exploitable opening.
Fix your Struts installation (CVE-2017-9805) by upgrading to 2.5.13 or 2.3.34, along with upgrading the plugin.
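As an added illustration of the code-layer filtering the previous paragraph calls for (this is example code, not code from Struts, the REST plugin or the lgtm write-up), the snippet below configures an XStream instance to deny every type by default and accept only an explicit allowlist, so an XML document whose root names any other class is rejected before an object is ever instantiated. The OrderRequest DTO and both XML samples are constructed for this example.

```java
import com.thoughtworks.xstream.XStream;
import com.thoughtworks.xstream.security.ForbiddenClassException;
import com.thoughtworks.xstream.security.NoTypePermission;
import com.thoughtworks.xstream.security.NullPermission;
import com.thoughtworks.xstream.security.PrimitiveTypePermission;

public class RestXmlAllowlist {

    /** Hypothetical request DTO that this endpoint legitimately accepts. */
    public static class OrderRequest {
        public String sku;
        public int quantity;
    }

    /** Build an XStream that deserializes nothing except explicitly allowed types. */
    static XStream hardenedXStream() {
        XStream xs = new XStream();
        xs.addPermission(NoTypePermission.NONE);               // default deny for every class
        xs.addPermission(NullPermission.NULL);                 // permit null values
        xs.addPermission(PrimitiveTypePermission.PRIMITIVES);  // int, boolean, ... and wrappers
        xs.allowTypes(new Class[]{String.class, OrderRequest.class}); // the allowlist
        xs.alias("order", OrderRequest.class);                 // map <order> to the DTO
        return xs;
    }

    public static void main(String[] args) {
        XStream xs = hardenedXStream();

        // Constructed sample: the document shape the endpoint is meant to receive.
        String good = "<order><sku>ABC-123</sku><quantity>2</quantity></order>";
        OrderRequest req = (OrderRequest) xs.fromXML(good);
        System.out.println("accepted: " + req.sku + " x" + req.quantity);

        // Constructed sample: a root element naming a type that is not on the allowlist.
        String other = "<java.util.HashMap><entry><string>a</string>"
                     + "<string>b</string></entry></java.util.HashMap>";
        try {
            xs.fromXML(other);
            System.out.println("BUG: non-allowlisted type was deserialized");
        } catch (ForbiddenClassException e) {
            // XStream refuses the class before constructing it.
            System.out.println("rejected: " + e.getMessage());
        }
    }
}
```

The permission classes used here exist in XStream 1.4.7 and later; on older XStream versions the allowlist API is not available, which is one more reason to take the upgrade path the post recommends.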