Masergy Blog

Hackers Exploit Apache Struts Vulnerability to Compromise Corporate Web Servers

March 9, 2017
Craig D’Abreo
Severity: High
Apache Struts Multipart parser 0-day (CVE-2017-5638)

A remote code execution vulnerability affecting the default Jakarta Multipart parser in Apache Struts has recently been disclosed.

This vulnerability allows an attacker to execute code on the server by modifying the Content-Type value during a file upload. Successful exploitation allows the attacker to run system commands, including downloading and executing malicious payloads.

Additional information can be found at:

Recommendations:

  • If you are using the Jakarta file upload Multipart parser, upgrade to Apache Struts version 2.3.32 or 2.5.10.1.
  • If you are unable to update, there are a couple of workarounds available:
    • Switch to a different implementation of the Multipart parser such as the Pell Multipart plugin.
    • Implement a Servlet filter that validates the Content-Type value and rejects suspicious values that do not match multipart/form-data.

Vulnerable Versions:

  • Struts 2.3.5 - Struts 2.3.31
  • Struts 2.5 - Struts 2.5.10

Patches:

The Apache Foundation has released Struts 2.5.10.1 and 2.3.32, which are not vulnerable and are available for download at the link below:
