Hackers Exploit Apache Struts Vulnerability to Compromise Corporate Web Servers

A remote code execution vulnerability affecting the default Jakarta Multipart parser in Apache Struts has recently been disclosed.

This vulnerability allows an attacker to execute code on the server by modifying the Content-Type value during a file upload. Successful exploitation allows the attacker to run system commands, including downloading and executing malicious payloads.

Additional information can be found at:

Recommendations:

  • If you are using the Jakarta file upload Multipart parser, upgrade to Apache Struts version 2.3.32 or 2.5.10.1.
  • If you are unable to update, there are a couple of workarounds available:
    • Switch to a different implementation of the Multipart parser such as the Pell Multipart plugin.
    • Implement a Servlet filter that validates the Content-Type header value and rejects suspicious values that do not match multipart/form-data.
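The second workaround, written out as an added example rather than code from the Apache Struts project: a plain javax.servlet Filter that rejects a request whose Content-Type header is malformed or, when it claims to be multipart, is anything other than multipart/form-data. The class name, the allow-list regex and the 256-character length limit are assumptions chosen for this illustration.

```java
import java.io.IOException;
import java.util.regex.Pattern;
import javax.servlet.*;
import javax.servlet.http.*;

// Example stop-gap filter (not code from the Apache Struts project):
// placed in front of the Jakarta Multipart parser until the upgrade
// to 2.3.32 / 2.5.10.1 can be rolled out.
public class ContentTypeFilter implements Filter {

    // Allow-list grammar: "type/subtype" plus optional "; name=value"
    // parameters. Only plain media-type characters are permitted, so a
    // value carrying expression syntax (braces, '%', '#') never matches.
    private static final Pattern SAFE = Pattern.compile(
        "^[A-Za-z0-9.+-]{1,64}/[A-Za-z0-9.+-]{1,64}"
        + "(\\s*;\\s*[A-Za-z0-9_-]{1,32}\\s*=\\s*"
        + "(\"[A-Za-z0-9 '()+_,./:=?-]*\"|[A-Za-z0-9'()+_,./:=?-]+))*\\s*$");

    static boolean isAcceptable(String contentType) {
        if (contentType == null) {
            return true;                       // no body, nothing to parse
        }
        if (contentType.length() > 256 || !SAFE.matcher(contentType).matches()) {
            return false;
        }
        String mediaType = contentType.split(";", 2)[0].trim().toLowerCase();
        // The file-upload parser only expects one multipart type.
        return !mediaType.startsWith("multipart/")
            || mediaType.equals("multipart/form-data");
    }

    @Override
    public void doFilter(ServletRequest req, ServletResponse res, FilterChain chain)
            throws IOException, ServletException {
        String ct = ((HttpServletRequest) req).getHeader("Content-Type");
        if (!isAcceptable(ct)) {
            ((HttpServletResponse) res).sendError(HttpServletResponse.SC_BAD_REQUEST,
                "Unsupported Content-Type");
            return;                            // request never reaches Struts
        }
        chain.doFilter(req, res);
    }

    @Override public void init(FilterConfig cfg) {}
    @Override public void destroy() {}
}
```

Register the filter in web.xml with a filter-mapping that precedes the Struts filter so it runs first; a rejected request is logged by the container as a 400, which also gives the SOC a simple signal to alert on.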

Vulnerable Versions:

  • Struts 2.3.5 – Struts 2.3.31
  • Struts 2.5 – Struts 2.5.10

Patches:

The Apache Foundation has released Struts 2.5.10.1 and 2.3.32, which are not vulnerable and are available for download at the link below:
