Apache Struts 2 Framework Vulnerability

A severe vulnerability has been detected in the Apache Struts 2 framework and is being actively exploited in the wild. On vulnerable platforms, an attacker can remotely execute malicious code on the server, potentially disabling server-based firewalls and deploying other types of malware and code.

 

Severity

Critical

 

CVE Number

CVE-2017-5638

 

Impacted Platforms

  • Apache Struts 2.3.5 through 2.3.31
  • Apache Struts 2.5 through 2.5.10
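
The version ranges above can be turned into an inventory check. The following is an added example, not part of the original advisory or of any Apache or Qualys tooling. It assumes deployed jars keep the Maven artifact name `struts2-core-<version>.jar`; the sample tree is constructed.

```python
import os
import re
import tempfile

# Affected ranges exactly as listed in the advisory (inclusive on both ends).
AFFECTED_RANGES = [("2.3.5", "2.3.31"), ("2.5", "2.5.10")]

# Assumption: jars keep the Maven artifact name struts2-core-<version>.jar.
# A trailing qualifier (e.g. -BETA3) is ignored, so such builds are judged
# by their numeric part only, which errs on the side of flagging them.
JAR_RE = re.compile(r"^struts2-core-(\d+(?:\.\d+)*)(?:[-.][A-Za-z0-9]+)*\.jar$")


def parse_version(text):
    """'2.5.10.1' -> (2, 5, 10, 1); trailing zeros dropped so 2.5.0 == 2.5."""
    parts = [int(p) for p in text.split(".")]
    while len(parts) > 1 and parts[-1] == 0:
        parts.pop()
    return tuple(parts)


def is_affected(version):
    """True if the version falls inside one of the advisory's ranges."""
    v = parse_version(version)
    return any(parse_version(lo) <= v <= parse_version(hi)
               for lo, hi in AFFECTED_RANGES)


def scan(root):
    """Walk root; return sorted (path, version, affected) per Struts core jar."""
    findings = []
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            m = JAR_RE.match(name)
            if m:
                findings.append((os.path.join(dirpath, name), m.group(1),
                                 is_affected(m.group(1))))
    return sorted(findings)


if __name__ == "__main__":
    # Constructed sample tree standing in for deployed web applications.
    with tempfile.TemporaryDirectory() as root:
        for app, ver in [("shop", "2.3.31"), ("portal", "2.5.10.1"), ("hr", "2.3.16.3")]:
            lib = os.path.join(root, app, "WEB-INF", "lib")
            os.makedirs(lib)
            open(os.path.join(lib, f"struts2-core-{ver}.jar"), "w").close()
        for path, ver, bad in scan(root):
            print(("AFFECTED " if bad else "ok       ") + ver, os.path.relpath(path, root))
```

The scan only sees jars on the file system; copies inside unexpanded WAR/EAR archives or repackaged under another file name need to be checked separately.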

 

Recommended actions

  • Please patch as soon as possible
  • For self-diagnosis, please use the script at the link below:

https://threatprotect.qualys.com/2017/03/08/apache-struts-jakarta-multipart-parser-remote-code-execution-vulnerability/?_ga=1.174695586.1869652878.1489020308

 

More information

https://cwiki.apache.org/confluence/display/WW/S2-045

https://arstechnica.com/security/2017/03/critical-vulnerability-under-massive-attack-imperils-high-impact-sites/

http://www.securityweek.com/apache-struts-vulnerability-exploited-wild?utm_source=feedburner&utm_medium=feed&utm_campaign=Feed%3A+Securityweek+%28SecurityWeek+RSS+Feed%29