Apache Struts vulnerability being exploited by attackers

Last week a new vulnerability affecting Apache Struts was reported (CVE-2017-5638) that affects the Apache Struts Jakarta Multipart parser.

The vulnerability allows an unauthenticated attacker to execute code in the affected system by creating a specially-crafted Content-Type HTTP header.

Starting last Thursday (9 March 2017), AlienVault has seen a high number of attackers trying to exploit this vulnerability.

Different payloads have been observed, with some examples as follows:

As of today, using the telemetry we received from the AlienVault Open Threat Exchange (OTX), we have identified more than 400 unique sources that are attempting to exploit this vulnerability.

To address this threat, the AlienVault Labs team has created a Pulse in the OTX with the collection of payloads that are being delivered.

Since this vulnerability is being actively exploited in the wild, AlienVault's recommendation is to upgrade your Apache Struts version as soon as possible.

The vulnerable versions of Apache Struts are:

  • Struts 2.3.5 - Struts 2.3.31

  • Struts 2.5 - Struts 2.5.10

Upgrading to the following versions resolves the vulnerability:

For more information, see Apache's own documentation for this vulnerability.
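Two checks a defender can run straight from this advisory, written here as an added example (not AlienVault's or the Struts project's code): a version test against the vulnerable ranges listed above (the advisory's "Struts 2.5" is read as 2.5.0), and a structural Content-Type validator that flags any header value which does not parse as an RFC 7231 media type, since a legitimate upload client never sends one that does not. The log records are constructed for the example, not real OTX telemetry.

```python
import re

# Vulnerable version ranges exactly as stated in the advisory (inclusive);
# "Struts 2.5" is taken to mean 2.5.0 (assumption).
VULNERABLE_RANGES = [((2, 3, 5), (2, 3, 31)), ((2, 5, 0), (2, 5, 10))]

def parse_version(text):
    """'2.3.31' -> (2, 3, 31); '2.5' -> (2, 5, 0). A fourth digit group is
    kept so that x.y.z.n sorts after x.y.z instead of being truncated."""
    parts = tuple(int(p) for p in re.findall(r"\d+", text))
    return parts + (0,) * (3 - len(parts))

def struts_version_is_vulnerable(text):
    """True if the version falls inside one of the advisory's ranges."""
    v = parse_version(text)
    return any(lo <= v <= hi for lo, hi in VULNERABLE_RANGES)

# RFC 7231 media-type grammar:
#   type "/" subtype *( OWS ";" OWS token "=" ( token / quoted-string ) )
# Braces, parentheses, operators and the like are not allowed anywhere, so a
# Content-Type carrying them fails to parse regardless of exact payload.
_TOKEN = r"[!#$%&'*+\-.^_`|~0-9A-Za-z]+"
_QUOTED = r'"(?:[^"\\\x00-\x1f]|\\[\x20-\x7e])*"'
_CONTENT_TYPE_RE = re.compile(
    rf"^{_TOKEN}/{_TOKEN}(?:[ \t]*;[ \t]*{_TOKEN}=(?:{_TOKEN}|{_QUOTED}))*[ \t]*$"
)

def content_type_is_wellformed(value):
    """True only if the header parses as a syntactically valid media type."""
    return _CONTENT_TYPE_RE.match(value) is not None

def suspicious_sources(requests):
    """Source IPs that sent a malformed Content-Type header, from
    (source_ip, request_line, content_type) triples."""
    return {src for src, _, ctype in requests if not content_type_is_wellformed(ctype)}

# Constructed sample records in the shape a reverse proxy might log (not real traffic).
SAMPLE_REQUESTS = [
    ("203.0.113.10", "POST /upload.action", 'multipart/form-data; boundary="----WebKitFormBoundaryAb12"'),
    ("203.0.113.11", "POST /upload.action", "multipart/form-data; boundary=----geckoformboundary3f9"),
    ("198.51.100.7", "POST /index.action", "multipart/form-data; boundary={(#x)}"),
    ("198.51.100.7", "GET /index.action", "%{example}"),
]

if __name__ == "__main__":
    for ver in ("2.3.4", "2.3.5", "2.3.31", "2.5", "2.5.10", "2.5.10.1"):
        print(ver, "vulnerable" if struts_version_is_vulnerable(ver) else "not in range")
    print("malformed Content-Type from:", sorted(suspicious_sources(SAMPLE_REQUESTS)))
```

The grammar check is a pre-filter for alerting or blocking at the proxy, not a substitute for upgrading; it complements signature-based rules because it needs no knowledge of a specific payload.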