New Apache Struts 0Day Exploit

(March 8, 2017) Cisco Talos group has identified attacks against a 0Day vulnerability in Apache Struts, which is a popular Java app framework. An advisory was issued Monday, stating the problem exists in the Jakarta Multipart parser. An attacker could perform a RCE attack with a malicious contenttype value. Users were advised to upgrade or switch to a different implementation of the parser. Numerous attacks appeared to be taking advantage of a publicly released proof of concept to run assorted commands. Struts was previously compromised by Chinese hackers in 2014, who exploited known vulnerabilities to install a backdoor. Message here: keep patches current.

Source: http://www.csoonline.com/article/3178744/security/cisco-and-apache-issue-warnings-over-zero-day-flaw-being-targeted-in-the-wild.html#tk.twt_cso

Advertisements

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s