Threat Management, Malware, Patch/Configuration Management, Vulnerability Management

Attackers actively exploiting Apache Struts remote code execution bug


Almost immediately following the disclosure of a critical remote code execution bug in Apache Struts last Tuesday, exploit code for the vulnerability was published online and attackers also reportedly began exploiting the flaw.

In an Aug. 7 blog post, Cisco Talos reported that most of the exploitation activity its researchers have observed so far appears to be scanning for websites and systems that are potentially vulnerable to the bug, designated CVE-2017-9805. These outbound HTTP requests have predominantly been coming from, and sending data to, a web address with a Russian .ru top-level domain.

However, Talos did find one example of a threat actor leveraging the bug to serve an unidentified, possibly malicious file. Judging from past exploits of Struts vulnerabilities, the payload could have been a DDoS bot, spam bot, or one of various other malicious payloads, the blog post notes.

Moreover, Ars Technica reported on Wednesday that exploit code for the vulnerability was released on the open-source Metasploit frameowrk, just one day after the vulnerability was disclosed by the individual who discovered it, lgtm researcher Man Yue Mo. In conjunction with this disclosure, the Apache Struts security team released an update to its open-source web application framework in order to fix the vulnerability, which allows attackers to seize control of any server running REST applications built with its product, due to an unsafe data deserialization process. Developers of vulnerable web applications are strongly encouraged to upgrade to the latest Struts release, version 2.5.13.

Bradley Barth

As director of multimedia content strategy at CyberRisk Alliance, Bradley Barth develops content for online conferences, webcasts, podcasts video/multimedia projects — often serving as moderator or host. For nearly six years, he wrote and reported for SC Media as deputy editor and, before that, senior reporter. He was previously a program executive with the tech-focused PR firm Voxus. Past journalistic experience includes stints as business editor at Executive Technology, a staff writer at New York Sportscene and a freelance journalist covering travel and entertainment. In his spare time, Bradley also writes screenplays.

Get daily email updates

SC Media's daily must-read of the most current and pressing daily news

By clicking the Subscribe button below, you agree to SC Media Terms and Conditions and Privacy Policy.