Apache Struts 2 RCE (CVE-2017-5638)

Critical Nessus Network Monitor Plugin ID 700055

Synopsis

A payload has been detected that targets a critical vulnerability found in versions of Apache Struts 2.

Description

The remote web server is being targeted by an Apache Struts 2 exploitation attempt. Versions of Apache Struts 2.5.x prior to 2.5.10.1 and 2.3.x prior to 2.3.32 are affected by a flaw that is triggered when handling invalid Content-Type, Content-Disposition, or Content-Length values for uploaded files using the Jakarta Multipart parser. This may allow a remote attacker to execute arbitrary code.

Solution

A remote service is attempting to exploit an Apache Struts vulnerability. Ensure that Apache Struts is patched with the latest available version, inspect the system for malicious code, and follow appropriate incident response procedures.

See Also

http://www.securityweek.com/apache-struts-flaw-used-deliver-cerber-ransomware

https://threatpost.com/apache-struts-2-exploits-installing-cerber-ransomware/124844

https://github.com/apache/struts/commit/b06dd50af2a3319dd896bf5c2f4972d2b772cf2b

Plugin Details

Severity: Critical

ID: 700055

Family: Web Servers

Published: 2017/04/12

Modified: 2018/09/16

Dependencies: 8166

Nessus ID: 97576, 97610

Risk Information

Risk Factor: Critical

CVSS v2.0

Base Score: 10

Temporal Score: 8.7

Vector: CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C

Temporal Vector: CVSS2#E:ND/RL:OF/RC:C

CVSS v3.0

Base Score: 9.8

Temporal Score: 9.3

Vector: CVSS3#AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Temporal Vector: CVSS3#E:X/RL:O/RC:C

Vulnerability Information

CPE: cpe:/a:apache:struts

Patch Publication Date: 2017/03/06

Vulnerability Publication Date: 2017/03/06

Exploitable With

Metasploit (Apache Struts Jakarta Multipart Parser OGNL Injection)

Reference Information

CVE: CVE-2017-5638

BID: 96729