Apache Struts 2 Framework Vulnerability

A severe vulnerability has been detected in Apache Struts 2 framework and is being actively exploited in the wild. Vulnerable platforms can have a remote malicious code executed on the server, potentially disabling server-based firewalls and deploying other types of malwares and code.

Severity

Critical

CVE Number

CVE-2017-5638

Impacted Platforms

Apache Struts 2.3.5 through 2.3.31
Apache Struts 2.5 through 2.5.10

Recommended actions

Please patch as soon as possible
For self-diagnosis, please complete the script below:

https://threatprotect.qualys.com/2017/03/08/apache-struts-jakarta-multipart-

parser-remote-code-execution-vulnerability/?_ga=1.174695586.1869652878.14890

20308

Contact security@ubc.caabout performing credential Nessus scan
Regularly check Apache Struts Security Bulletins (https://cwiki.apache.org/confluence/display/WW/Security+Bulletins)

More information

https://cwiki.apache.org/confluence/display/WW/S2-045

https://arstechnica.com/security/2017/03/critical-vulnerability-under-massive-attack-imperils-high-impact-sites/

http://www.securityweek.com/apache-struts-vulnerability-exploited-wild?utm_source=feedburner&utm_medium=feed&utm_campaign=Feed%3A+Securityweek+%28SecurityWeek+RSS+Feed%29

Current system status
and maintenance notifications

Apache Struts 2 Framework Vulnerability

Search

Categories

Archives

RSS Feeds

Current system status and maintenance notifications

Apache Struts 2 Framework Vulnerability

Search

Categories

Archives

RSS Feeds

Current system status
and maintenance notifications