This week we are going to focus on a recent vulnerability whose exploit has been making its way around the Internet in the past few weeks: Apache Struts.
So, in this week’s episode, we are going to answer three questions in just a minute or two. First, what is Apache Struts? Second, what exactly is the vulnerability being exploited? And, third, how does the exploit work?
So, what is Apache Struts? Well, we aren’t talking about a mechanical part on the Army’s helicopters here; we are talking about an open-source web application framework used for developing Java EE web applications. Basically, it is used by web developers to adopt a model-view-controller architecture, allowing a Java Servlet to interact with the database on behalf of the webpage form.
So, what is the vulnerability that has been identified? Well, in CVE-2017-5638, the vulnerability has been identified as permitting unauthenticated Remote Code Execution (RCE) through a specially crafted Content-Type value in an HTTP request. Basically, the attacker creates an invalid value for Content-Type which causes the vulnerable software to throw an exception, but when the software attempts to prepare the error message for display, a flaw in the Apache Struts Jakarta Multipart parser causes the malicious Content-Type value to be executed instead of being displayed.
So, how does the exploit work? Well, when the Content-Type is executed, this allows the attacker to then run a payload, normally shell code, to cause the hacker’s desired effect.
This particular exploit was first spotted on March 7th from a host in Zhengzhou, China. Essentially, the exploit appears to be a standard command injection or remote code execution attack against a web server. The next day, a different variation was seen, where an attacker from Shanghai, China modified the original attack to also attempt to stop a firewall on the service first, then attempt to download and execute some malicious remote code.
So, how can you prevent this vulnerability and exploit from affecting you? Well, first you should determine if you are running the affected versions of Struts (2.3.5 - 2.3.31 and 2.5 - 2.5.10). If you are, please upgrade to Struts 2.3.32 or 2.5.10.1, which are patched against this vulnerability. Also, if you have compiled an application using the vulnerable version of Struts, you may wish to look at recompiling those programs after you have upgraded Struts, to ensure the vulnerability hasn’t been carried into your compiled software in a production environment.
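As an added example (not code from the video or from the Struts project), here is defender-side Python that applies the two checks the episode describes: it validates a Content-Type value strictly against the HTTP media-type grammar, so a malformed value can be rejected at a reverse proxy or logged for review before a vulnerable multipart parser ever sees it, and it tests a Struts version string against the affected ranges quoted above. The request records are constructed samples, not real traffic.

```python
import re

# RFC 7230 "token" characters. Separators such as ( ) { } ; , = and
# whitespace are deliberately excluded, so a value carrying them fails.
TCHAR = r"[!#$%&'*+\-.^_`|~0-9A-Za-z]+"
QUOTED = r'"(?:[^"\\\x00-\x1f]|\\.)*"'
MEDIA_TYPE_RE = re.compile(
    rf"^\s*{TCHAR}/{TCHAR}"                        # type/subtype
    rf"(?:\s*;\s*{TCHAR}=(?:{TCHAR}|{QUOTED}))*"    # ; name=value ...
    r"\s*$"
)

# Affected ranges from the episode: 2.3.5 - 2.3.31 and 2.5 - 2.5.10.
AFFECTED_RANGES = (((2, 3, 5), (2, 3, 31)), ((2, 5, 0), (2, 5, 10)))


def content_type_is_wellformed(value: str) -> bool:
    """True only if the header value is a syntactically valid media type."""
    return bool(MEDIA_TYPE_RE.match(value))


def struts_is_affected(version: str) -> bool:
    """True if a dotted Struts version string falls in an affected range."""
    v = tuple(int(p) for p in version.split("."))
    v = v + (0,) * (3 - len(v))  # "2.5" -> (2, 5, 0)
    # Tuple comparison keeps 2.5.10.1 above 2.5.10, so the fixed build passes.
    return any(lo <= v <= hi for lo, hi in AFFECTED_RANGES)


# Constructed (client address, Content-Type) records for demonstration.
SAMPLE_REQUESTS = [
    ("10.0.0.5", "multipart/form-data; boundary=----WebKitFormBoundary7MA4YWxk"),
    ("10.0.0.9", 'text/plain; charset="utf-8"'),
    ("203.0.113.7", "multipart/form-data; boundary=(not a token) {braces}"),
]


def suspicious_requests(records):
    """Return client addresses whose Content-Type fails strict validation."""
    return [addr for addr, ct in records if not content_type_is_wellformed(ct)]


if __name__ == "__main__":
    print("flag for review:", suspicious_requests(SAMPLE_REQUESTS))
    for ver in ("2.3.31", "2.3.32", "2.5", "2.5.10.1"):
        print(ver, "affected" if struts_is_affected(ver) else "not affected")
```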
I hope you enjoyed this week’s Cyber Security Minute. If you have a question for the Cyber Security Minute, please post it in the comments below, and I look forward to seeing you here next Monday on the Cyber Security Minute.
Apache Struts Vulnerability - Cyber Security Minute
Published on 3 Apr 2017