Apache Struts2 Remote Code Execution Vulnerability S2-046

Apache Struts is a free and open-source framework used to build Java web applications.This is not the first remote code execution vulnerability discovered on Apache Struts.

Apache Struts2 official released a security bulletin, the bulletin pointed out that Apache Struts2 Jakarta Multipart parser plug-in, there is a remote code execution vulnerability, vulnerability number CVE-2017-5638.

An attacker could use the plugin to upload a file by modifying the value of the Content-Length header and adding the malicious code to the Content-Disposition value, causing the Remote Code Execution.

More Information:

This specific vulnerability can be exploited if the attacker sends a crafted request to transfer a file to a vulnerable server that uses a Jakarta-based module to handle the request.

Proof of Concept ‘POC‘:

Security experts also examine malicious attack will turn off the firewall on the objective servers and after that drop malicious payloads, for example, IRC bouncers and DDoS bots.

Exploit:

A proof of concept that shows the attack situation is openly accessible.The attacks originated from 1,323 IP addresses over 40 distinct nations.

Vulnerable Versions and Mitigation

• MajikPOS Dual malware targeting businesses across North America and Canada.
• “Super Malware” Steals Encryption Keys From Intel SGX Isolated Memory Fields.
• Hancitor Makes First Appearance in Top Five Most wanted malware – February 2017.