CVSSv2: 6.8

CVE-2017-9805

Published: 15/09/2017 Updated: 12/08/2019
CVSS v2 Base Score: 6.8 | Impact Score: 6.4 | Exploitability Score: 8.6
CVSS v3 Base Score: 8.1 | Impact Score: 5.9 | Exploitability Score: 2.2
VMScore: 742
Vector: AV:N/AC:M/Au:N/C:P/I:P/A:P

Vulnerability Summary

The REST Plugin in Apache Struts 2.1.1 up to and including 2.3.x prior to 2.3.34 and 2.5.x prior to 2.5.13 uses an XStreamHandler with an instance of XStream for deserialization without any type filtering, which can lead to Remote Code Execution when deserializing XML payloads.

Vendor Advisories

The REST Plugin in Apache Struts2 is using an XStreamHandler with an instance of XStream for deserialization without any type filtering, which could lead to Remote Code Execution when deserializing XML payloads. An attacker could use this flaw to execute arbitrary code or conduct further attacks ...
On September 5, 2017, the Apache Software Foundation released security bulletins that disclosed three vulnerabilities in the Apache Struts 2 package. Of these vulnerabilities, the Apache Software Foundation classifies one as Critical Severity, one as Medium Severity, and one as Low Severity. For more information about the vulnerabilities, refer to ...
Summary: The REST Plugin in Apache Struts2 is using an XStreamHandler with an instance of XStream for deserialization without any type filtering, which could lead to Remote Code Execution when deserializing XML payloads. An attacker could use this flaw to execute arbitrary code or conduct further attacks. Affected Products: Brocade is inves ...
Oracle Security Alert Advisory - CVE-2017-9805. Description: The Apache Foundation's fixes for CVE-2017-5638, an Apache Struts 2 vulnerability identified by Equifax in relation to Equifax's recent security incident, were distributed by Oracle to its customers in the April 2017 Critical Patch Update, and should have already been applied to customer ...
Oracle Critical Patch Update Advisory - October 2017. Description: A Critical Patch Update (CPU) is a collection of patches for multiple security vulnerabilities. Critical Patch Update patches are usually cumulative, but each advisory describes only the security fixes added since the ...

Exploits

# Exploit Title: Struts 2.5 - 2.5.12 REST Plugin XStream RCE
# Google Dork: filetype:action
# Date: 06/09/2017
# Exploit Author: Warflop
# Vendor Homepage: struts.apache.org/
# Software Link: mirror.nbtelecom.com.br/apache/struts/2.5.10/struts-2.5.10-all.zip
# Version: Struts 2.5 – Struts 2.5.12
# Tested on: Struts 2.5.10
# CVE : 2 ...

Mailing Lists

Apache Struts versions 2.5 through 2.5.12 using the REST plugin are vulnerable to a Java deserialization attack in the XStream library ...
Apache Struts versions 2.5 through 2.5.12 REST plugin XStream remote code execution exploit ...

Metasploit Modules

Apache Struts 2 REST Plugin XStream RCE

Apache Struts versions 2.1.2 - 2.3.33 and Struts 2.5 - Struts 2.5.12, using the REST plugin, are vulnerable to a Java deserialization attack in the XStream library.

msf > use exploit/multi/http/struts2_rest_xstream
msf exploit(struts2_rest_xstream) > show targets
    ...targets...
msf exploit(struts2_rest_xstream) > set TARGET <target-id>
msf exploit(struts2_rest_xstream) > show options
    ...show and set options...
msf exploit(struts2_rest_xstream) > exploit

Github Repositories

CVE-2017-9805 - Exploit

CVE-2017-9805 (S2-052) reverse shell exploit. Affected versions: Struts 2.1.2 - Struts 2.3.33, Struts 2.5 - Struts 2.5.12. PoC: Content-Type: application/xml <map> <entry> <jdk.nashorn.internal.objects.NativeString> <flags>0</flags> <value class="com.sun.xml.internal.bind.v2.runtime.unmarshaller.Base64D

Apache-Struts-25-2512---REST-Plugin-XStream-Remote-Code-Execution. EDB-ID: 42627. CVE: 2017-9805. CVE-2017-9805 is a vulnerability in Apache Struts related to using the Struts REST plugin with the XStream handler to handle XML payloads. If exploited, it allows a remote unauthenticated attacker to run malicious code on the application server to either take over the machine or launch

Better Exploit Code For CVE 2017 9805 apache struts

CVE-2017-9805.py. Better Exploit Code For CVE 2017 9805 apache struts. Should be mostly error proof. Why Recode? Found that most of the exploit code online simply used string concatenation to insert user supplied commands into an XML string. This isn't very reliable, as XML requires certain special characters to use encoding. As such, it will trip an error, cause those scri

Struts2_rce_XStream_Plugin. An RCE attack is possible when using the Struts REST plugin with the XStream handler to deserialize XML requests. Affected Software: Struts 2.1.2 - Struts 2.3.33, Struts 2.5 - Struts 2.5.12. CVE: CVE-2017-9805. For the patch, update the Struts version to 2.5.13.

A vulnerability verification script for S2-052

S2-052 POC. Usage: python CVE-2017-9805-S2-052-POC.py 127.0.0.1/orders/ The script is only a PoC for verifying whether the vulnerability exists.

Exploit script for Apache Struts2 REST Plugin XStream RCE (CVE-2017-9805)

Vulnerability information. Resources: * cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-9805 What is this? A python exploit script capable of executing remote commands in the shell of a system hosting a Struts2 vulnerable to S2-052. Usage: ╭─root@blackshell ~/ ╰─# python s2-052.py --target '192.168.0.233/orders/3' --command "echo pwned | te

Apache Struts2 S2-052 (CVE-2017-9805) Remote Code Execution Vulnerability. 0x00 Vulnerability description: Apache Struts is an open-source project maintained by the American Apache Software Foundation; it is an open-source MVC framework for building enterprise-grade Java web applications. Struts2 is a web application framework based on the MVC design pattern; it is essentially equivalent to a servlet, and in the MVC design pattern Struts2 acts as the controller

An exploit for Apache Struts CVE-2017-9805

apache-struts-pwn - CVE-2017-9805 Exploit. An exploit for Apache Struts CVE-2017-9805. Usage: Check if the vulnerability exists against a single URL: python apache-struts-pwn.py --url 'example.com/struts2-rest-showcase/orders/3' Check if the vulnerability exists against a list of URLs: python apache-struts-pwn.py --list 'urls.txt' Exploit a single URL: p

An exploit for Apache Struts CVE-2017-9805

struts-pwn - CVE-2017-9805 Exploit. An exploit for Apache Struts CVE-2017-9805. Usage: Check if the vulnerability exists against a single URL: python struts-pwn.py --url 'example.com/struts2-rest-showcase/orders/3' Check if the vulnerability exists against a list of URLs: python struts-pwn.py --list 'urls.txt' Exploit a single URL: python struts-pwn.py -

cve-2017-9805

Struts2 Vulnerability - CVE-2017-9805. Description: Apache Struts2 REST Plugin XStream RCE (CVE-2017-9805). Usage: cve_2017_9805_poc.rb [target_uri] [cmd] #> ruby cve_2017_9805_poc.rb 127.0.0.1 ping -c 4 192.168.0.1

Apache Struts repository for CodeQL tutorial. Do not use this for production; it is known to have vulnerability CVE-2017-9805.

Apache struts-CVE-2017-9805. Do not use this repository for production use; it is known to have vulnerability CVE-2017-9805. Apache Struts repository for CodeQL tutorial.

CVE-2017-9805---Documentation---IT19143378

apache-exploit. Description: Apache exploit is a simple demonstration of the apache struts vulnerability (CVE-2017-9805) inside a single Kubernetes namespace. There are no external dependencies other than the cluster DNS. The purpose of running inside a Kubernetes namespace is simplicity. This demo is intended to show how Aporto protects from the Apache Struts vulnerability and i

Holiday Hack 2017

HHC2017 Holiday Hack 2017 Report. I submitted for SANS Holiday Hack 2017. I didn't have a lot of time to work on the report, so some details may be missing. There may be something in here that will be helpful to someone. pagedownload.py will download all pages of the Great Book at once. testcve20179805.py is a script I downloaded from github.com/mazen160/struts-pw

5 CVE scan and exploit

cve5scan. 5 CVE scan and exploit. The mission of this program is scanning a list of domains for 5 known security vulnerabilities listed with the source below. Use. Installation: sudo chmod +x setup.sh; sudo chmod +x cve5scan.sh; ./setup.sh Run: ./cve5scan.sh <domainlist.txt> If there is a result, it is stored in an output folder. exploit CVE-2017-5638: python cve/strut

Payloads All The Things. A list of useful payloads and bypasses for Web Application Security. Feel free to improve with your payloads and techniques! I <3 pull requests :) You can also contribute with a beer IRL or with buymeacoffee.com. Every section contains: README.md - vulnerability description and how to exploit it; Intruders - a set of files to give to Burp Intrude

ActiveScan++ Burp Suite Plugin

ActiveScan++. ActiveScan++ extends Burp Suite's active and passive scanning capabilities. Designed to add minimal network overhead, it identifies application behaviour that may be of interest to advanced testers: potential host header attacks (password reset poisoning, cache poisoning, DNS rebinding); Edge Side Includes; XML input handling; suspicious input transformation (eg

Automated Tools Pentest

ABOUT: Kn0ck is an automated scanner that can be used during a penetration test to enumerate and scan for vulnerabilities. KN0CK COMMUNITY FEATURES: Automatically collects basic recon; automatically launches Google hacking queries against a target domain; automatically enumerates open ports via NMap port scanning; automatically brute forces sub-domains, gathers DNS info an

ABOUT: Sn1per Community Edition is an automated scanner that can be used during a penetration test to enumerate and scan for vulnerabilities. Sn1per Professional is Xero Security's premium reporting addon for Professional Penetration Testers, Bug Bounty Researchers and Corporate Security teams to manage large environments and pentest scopes. For more information regarding

ABOUT: Sn1per is an automated scanner that can be used during a penetration test to enumerate and scan for vulnerabilities. DEMO VIDEO: FEATURES: Automatically collects basic recon (ie whois, ping, DNS, etc); automatically launches Google hacking queries against a target domain; automatically enumerates open ports via NMap port scanning; automatically brute forces sub-doma

Write-ups / walkthroughs of 'boot to root' Capture The Flag (CTF) challenges

Boot to root CTFs. Walkthroughs and notes of 'boot to root' CTFs, mostly from VulnHub, that I did for fun. I like to use vulnerable VMs from VulnHub (in addition to the ones I create) to organize hands-on penetration testing training sessions for junior security auditors/consultants :-) Classic pentest methodology to do a Boot2root CTF: Step 1 - Scanning and enumeratio

jok3r. Jok3r is a Python3 CLI application which is aimed at helping penetration testers for network infrastructure and web black-box security tests.

Jok3r - Network and Web Pentest Framework

Jok3r - Network and Web Pentest Framework. Jok3r is a Python3 CLI application aimed at helping penetration auditors with network infrastructure and black-box web security tests. Its main goal is to save time on everything that can be automated in the network/web being audited, in order to enjoy more time on things that are more

Historical loopholes

Vulnerability engine. A collection and compilation of vulnerabilities; reproduction without the author's consent is not permitted. This article is composed of my own articles plus external links; the external links are credited at the end. If there is any infringement, please contact me to have it removed. All vulnerabilities come with exploitation write-ups and exploit scripts, compiled in my paid knowledge circle (小密圈), linked as follows: click here to get the articles and PoCs. Latest and hottest | @CVE-2019-0193_Apache Solr remote comm

Vulmap is a vulnerability scanning tool that can scan web containers, web servers, web middleware, CMSs and other web programs for vulnerabilities, and it also has exploitation functionality. Testers can use vulmap to detect whether a target has a specific vulnerability, and can use the exploitation functionality to verify whether the vulnerability really exists.

Vulmap - Vulnerability scanning and verification tools. Vulmap is a vulnerability scanning tool that can scan for vulnerabilities in Web containers, Web servers, Web middleware, and CMS and other Web programs, and has vulnerability exploitation functions. Relevant testers can use vulmap to detect whether the target ha

Exphub [exploit script library] includes exploit scripts for WebLogic, Struts2, Tomcat, Nexus, Solr, JBoss and Drupal; recently added CVE-2020-5902, CVE-2020-11444, CVE-2020-10204, CVE-2020-10199, CVE-2020-1938, CVE-2020-2551, CVE-2020-2555, CVE-2020-2883, CVE-2019-17558, CVE-2019-6340

Exphub. Exphub [exploit script library] (stars welcome~). Currently includes exploit scripts for WebLogic, Struts2, Tomcat and Drupal, all personally tested working script files; I try to complete usage documentation for all script files, prioritising updates for high-risk and easily exploitable exploit scripts. Some scripts or files were collected from elsewhere; if there are copyright requirements, contact me and they will be changed. QQ group: 219291257 bilibili: spacebi

https://51pwn.com,Awesome Penetration Testing,hacker tools collection, metasploit exploit, meterpreter....struts2、weblogic, 0day,poc,apt,backdoor,VulApps,vuln,pentest-script

Twitter: @Hktalent3135773. Penetration tools dependencies (command - description):
kali linux - recommended system
node js - program runtime
javac, java - auto generate payload
metasploit - auto generate payload, and autoexploit
gcc - auto generate payload
tmux - auto background send payload, shell
Bash base64, tr, nc - auto generate payload
python - auto genera

Jok3r v3 beta. Network & Web Pentest Automation Framework. www.jok3r-framework.com WARNING: Project is still in version 3 BETA. It is still under active development and bugs might be present. Many tests are going on: see github.com/koutto/jok3r/blob/master/tests/TESTS.rst. Ideas, bug reports, contributions are welcome! Overview Features Demos Architecture

The cheat sheet about Java Deserialization vulnerabilities

Java-Deserialization-Cheat-Sheet. A cheat sheet for pentesters and researchers about deserialization vulnerabilities in various Java (JVM) serialization libraries. Please, use #javadeser hash tag for tweets. Table of content: Java Native Serialization (binary) Overview; Main talks & presentations & docs; Payload generators; Exploits; Detect; Vulnerable apps (without

Compiled dataset of Java deserialization CVEs

Java-Deserialization-CVEs. This is a dataset of CVEs related to Java Deserialization. Since existing CVE databases do not allow for granular searches by vulnerability type and language, this list was compiled by manually searching the NIST NVD CVE database with different queries. If you notice any discrepancies, contributions are very welcome! CVE ID Year CVSS 3/31 risk CV

Here is a collection about Proof of Concepts of Common Vulnerabilities and Exposures, and you may also want to check out current Contents

Awesome CVE PoC. A curated list of CVE PoCs. Here is a collection about Proof of Concepts of Common Vulnerabilities and Exposures, and you may also want to check out awesome-web-security. Please read the contribution guidelines before contributing. This repo is full of PoCs for CVEs. If you enjoy this awesome list and would like to support it, check out my Patreon page :

Recent Articles

Active Attacks Detected Using Apache Struts Vulnerability CVE-2018-11776
BleepingComputer • Catalin Cimpanu • 28 Aug 2018

After last week a security researcher revealed a vulnerability in Apache Struts, a piece of very popular enterprise software, active exploitation attempts have started this week.
The vulnerability in question is tracked as CVE-2018-11776, a remote code execution flaw that allows an attacker to gain control over Struts-based web applications.
The vulnerability is not exploitable in default Struts configurations, according to an analysis by Palo Alto Networks, but the flaw is of intere...

Coinminer Campaigns Target Redis, Apache Solr, and Windows Servers
BleepingComputer • Catalin Cimpanu • 10 Mar 2018

Windows Server, Apache Solr, and Redis servers have been targeted this week by cyber-criminals looking to take over unpatched machines and install malware that mines cryptocurrency (known as a coinminer).
Two separate campaigns have been spotted, both very active this week. One by the Imperva crew, targeting Redis and Windows Servers, and another by the ISC SANS team, targeting Apache Solr installations.
The most active of the two was a campaign that Imperva nicknamed RedisWannaMine....

Oracle corrals and patches Struts 2 vulnerabilities
The Register • Richard Chirgwin • 27 Sep 2017

Big Red issues out-of-band patch for Apache and a few other urgent issues

Oracle has stepped outside its usual quarterly security fix cycle to address the latest Apache Struts 2 vulnerability.
Ever since it emerged at the start of September, CVE-2017-9805 has been (in the words of a former Australian prime minister) “a shiver looking for a spine to crawl up”, because so many vendors use Apache to build Web interfaces and bake Struts 2 into their Web application framework.
Big Red's sprawling product set meant fixes had to be deployed across more ...

Oracle Patches Apache Struts, Reminds Users to Update Equifax Bug
Threatpost • Chris Brook • 26 Sep 2017

Oracle released fixes for a handful of recently patched Apache Struts 2 vulnerabilities, including a critical remote code execution vulnerability (CVE-2017-9805) that could let an attacker take control of an affected system, late last week.
The Apache Software Foundation patched the RCE vulnerability, which affects servers running apps built using the Struts framework and its REST communication plugin, earlier this month.
Scores of Oracle products, roughly two dozen in total, are aff...

Equifax Confirms March Struts Vulnerability Behind Breach
Threatpost • Chris Brook • 14 Sep 2017

Equifax said the culprit behind this summer’s massive breach of 143 million Americans was indeed CVE-2017-5638, an Apache Struts vulnerability patched back in March.
The bug was widely assumed by experts to be the “U.S. website application vulnerability” implicated by the company last Thursday, especially after an Apache spokeswoman told Reuters on Friday that it appeared the consumer credit reporting agency hadn’t applied patches for flaws discovered earlier this year.
On We...

Equifax Confirms Hackers Used Apache Struts Vulnerability to Breach Its Servers
BleepingComputer • Catalin Cimpanu • 14 Sep 2017

In an update posted to its security breach website, Equifax said hackers used an Apache Struts security bug to breach its servers and later steal data on over 143 million customers, from both the US and the UK. We quote:
Equifax's confirmation comes after a report from equity research firm Baird circulated last week blaming the same flaw.
At the time it was discovered, in March 2017, the Apache Struts CVE-2017-5638 vulnerability was a zero-day — a term used to describe security bug...

Apache Foundation Refutes Involvement in Equifax Breach
Threatpost • Chris Brook • 11 Sep 2017

A group of developers behind Apache Struts, believed by some to be the culprit behind last week’s Equifax breach, took umbrage with those claims over the weekend.
René Gielen, vice president of the Apache Struts Project Management Committee (PMC) at the Apache Software Foundation, wrote Saturday that if Struts was targeted, it’s unclear which vulnerability, if any was exploited.
The letter, which was written on behalf of the Struts PMC, was spurred by an internal analyst report...

Apache Foundation rebuffs allegation it allowed Equifax attack
The Register • Simon Sharwood • 11 Sep 2017

Timeline explains that either Equifax didn't patch old bugs, or was zero-dayed

The Apache Software Foundation has defended its development practices in the face of a report alleging its code was responsible for the Equifax data leak.
QZ.com, an outlet run by Atlantic Media, alleged that the hack was the result of an attack on Apache Struts, which as we reported last week was found to have a flaw allowing malware to be injected into corporate networks. The outlet pointed out that the flaw may have been present in Struts for nine years.
Which has Apache antsy, as...

Apache Struts Vulnerabilities May Affect Many of Cisco's Products
BleepingComputer • Catalin Cimpanu • 11 Sep 2017

Cisco has initiated a mass security audit of all its products that incorporate a version of the Apache Struts framework, recently affected by a series of vulnerabilities, one of which is under active exploitation.
Cisco engineers will test all the software products for four Apache Struts security bugs disclosed last week.
The company is keeping a list of To-Be-Tested, Vulnerable, and Confirmed Not Vulnerable products in two security advisories, here and here.
The first Cisco se...

New Apache Struts Vulnerability Puts Many Fortune Companies at Risk
BleepingComputer • Catalin Cimpanu • 06 Sep 2017

An estimated 65% of Fortune 100 companies could be vulnerable to a security bug discovered in Apache Struts, a popular Java MVC framework used in the development of many top-grade enterprise applications.
Man Yue Mo, a security researcher with lgtm.com, found this flaw — tracked under the identifier of CVE-2017-9805. The vulnerability resides in Apache Struts’ REST plugin, a must-have in almost all Struts enterprise deployments.
According to the researcher, the weakness is caused by the way...

Apache Struts you're stuffed: Vuln allows hackers to inject evil code into biz servers
The Register • John Leyden • 05 Sep 2017

All versions of app framework since 2008 affected – so patch!

Malicious code can be pushed into servers running Apache Struts 2 apps, allowing scumbags to run malware within corporate networks.
The critical security vulnerability was discovered by researchers at Semmle, who today went public with their find. Apache Struts is a popular open-source framework for developing applications in Java.
All versions of Struts since 2008 are affected and all web applications using the framework’s popular REST plugin are vulnerable – exposing o...

Patch Released for Critical Apache Struts Bug
Threatpost • Tom Spring • 05 Sep 2017

The Apache Software Foundation has patched a critical remote code execution vulnerability affecting all versions of the popular application development framework Struts since 2008.
All web applications using the framework’s REST plugin are vulnerable. Users are advised to upgrade their Apache Struts components as a matter of urgency, according to Semmle, a software engineering analytics firm that first identified the bug.
“This particular vulnerability allows a remote attacker t...