Attackers take advantage of Apache Struts vulnerabilities
Last week, a new and critical flaw in the Apache Struts Web application framework was reported by the developers. According to security researchers, the vulnerability affects a disproportionate number of high-impact websites.
An unauthenticated attacker can easily execute code on an affected system simply by supplying a specially crafted Content-Type HTTP header.
Since last Thursday, AlienVault has observed a high number of attackers trying to exploit the vulnerability.
More than 400 unique sources are feared to have attempted to exploit the Apache Struts vulnerabilities.
To contain the situation, the AlienVault Labs team has created a Pulse in OTX with the collection of payloads that are being delivered.
Because so many active threats are exploiting Struts, AlienVault recommends that users upgrade their Apache Struts version as soon as possible.
The vulnerable versions of Apache Struts are:
Struts 2.3.5 - Struts 2.3.31
Struts 2.5 - Struts 2.5.10
Upgrading to the following versions resolves the vulnerability:
Struts 2.3.32
Struts 2.5.10.1
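To apply the version ranges above to an inventory of deployed applications, the following added example (not code from AlienVault or the Struts project) flags struts2-core jars that fall in a vulnerable range and names the fixed release for that branch. The jar naming pattern struts2-core-<version>.jar and the sample paths are assumptions made for illustration.

```python
import re

# Inclusive vulnerable ranges as stated in the article, with the fixed release per branch.
VULNERABLE = [
    ("2.3.5", "2.3.31", "2.3.32"),
    ("2.5", "2.5.10", "2.5.10.1"),
]
# Assumption: the core library is deployed as struts2-core-<version>.jar.
JAR_RE = re.compile(r"struts2-core-(\d+(?:\.\d+)*)\.jar$")


def version_key(text, width=4):
    """Turn '2.5.10.1' into (2, 5, 10, 1), zero-padded so 2.5.10 sorts below 2.5.10.1."""
    parts = tuple(int(p) for p in text.split("."))
    return parts + (0,) * (width - len(parts))


def fixed_version_for(version_text):
    """Return the upgrade target if the version is in a vulnerable range, else None."""
    v = version_key(version_text)
    for low, high, fix in VULNERABLE:
        if version_key(low) <= v <= version_key(high):
            return fix
    return None


def audit(paths):
    """Map each struts2-core jar path to (version, upgrade target or None)."""
    findings = {}
    for path in paths:
        m = JAR_RE.search(path)
        if m:
            findings[path] = (m.group(1), fixed_version_for(m.group(1)))
    return findings


# Constructed sample inventory (not from the article).
SAMPLE_PATHS = [
    "/opt/app1/WEB-INF/lib/struts2-core-2.3.20.jar",
    "/opt/app2/WEB-INF/lib/struts2-core-2.5.10.jar",
    "/opt/app3/WEB-INF/lib/struts2-core-2.5.10.1.jar",
    "/opt/app4/WEB-INF/lib/struts2-core-2.3.32.jar",
    "/opt/app4/WEB-INF/lib/commons-io-2.2.jar",
]

if __name__ == "__main__":
    for path, (version, fix) in audit(SAMPLE_PATHS).items():
        print(path, version, "VULNERABLE, upgrade to " + fix if fix else "ok")
```

Comparing versions as padded integer tuples matters here: a plain string comparison or a three-component parse would treat the fixed 2.5.10.1 as equal to or older than the vulnerable 2.5.10.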