Apache Struts vulnerability CVE-2017-9805- Free Scan powered by Provensec

By : admin In: Articles, Blog September 14, 2017

What how when?

Apache Struts is a free, open-source, Model-View-Controller (MVC) framework for developing web applications in the Java programming language, which supports REST, AJAX, and JSON and used by 65 % of the Fortune 100 organizations.

But Apache struts hits the market puts thousands of sites under tension, the widespread open-source software bundle was lately found affected by several vulnerabilities, including remote code execution (RCE) and it is believed that one of the vulnerability used to breach data of over 143 million Equifax users. A researcher named Man Yue Mo, a security with lgtm.com, found this flaw. Researchers determined that attackers can execute arbitrary code and commands on an affected Struts server, even behind an organization firewall, by sending a malicious protocol request. Method used to desterilize unsanitized user-supplied data is the reason for this vulnerability. The REST Plugin is using a XStreamHandler with an instance of XStream for deserialization without any type filtering and this can lead to Remote Code Execution when desterilizing XML payloads. An attacker could upload a malformed file and take over an application after gaining remote code execution rights on the target’s Struts-based application server. Attackers can exploit the bug via HTTP requests or via any other socket connection.

Attackers can exploit this apache struts vulnerability to enter different zones of a network, well bypassing the organization protections like firewalls, gaining and even deploying Ransomware and different APTs.

What all versions are affected?

All Apache Struts versions from 2008 (2.1.2 - 2.3.33, 2.5 - 2.5.12) are affected. The 3 vulnerabilities—CVE-2017-9793, CVE-2017-9805, and CVE-2017-9804, included within the Cisco security audit were released by the Apache Software Foundation on 5th September with the release of patched Apache Struts 2.5.13.

How to test and Fix this vulnerability?

Organizations should inspect their source code, recognize the existence of the Apache Struts REST plugin that is vulnerable and upgrade it. Reviewed and updated applications must then be verified by pen testers and QA tested earlier they are redeployed into production. The Apache Struts Team on Monday released Apache Struts v2.5.13, which includes a fix for CVE-2017-9805.

Read More

You can use Provensec Apache Struts Tester to confirm this vulnerability in your application at http://provensec.com/struts2tester