Security firm warns of attacks via critical vulnerability in Apache Struts
Talos, Cisco’s security division, has warned of a large number of attacks exploiting a vulnerability in the Apache Struts 2 framework that allows malicious actors to execute code remotely. It affects users of the Jakarta Multipart parser.
In an advisory, the team behind Struts writes that users should update to version 2.3.32 or 2.5.10.1. The Talos alert reports a large number of detected exploit events. Attackers are using a publicly available proof-of-concept exploit to attack vulnerable servers.
The vulnerability, tracked as CVE-2017-5638, allows remote code execution via a file upload using the Jakarta Multipart parser. According to security company Qualys, it is possible to take over a complete system in this way. Talos notes that the attacks vary in level. For example, some variants only check whether a system is vulnerable, while others disable firewalls and then bring malware onto the system.
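
An added example, not code from the Struts project, Talos or Qualys: a Python inventory check that finds `struts2-core` jars on disk or inside WAR/EAR archives and compares each with the fixed releases named above. It assumes the jar file name carries the version, treats branches other than 2.3 and 2.5 as needing a manual check against the advisory, and runs against a constructed sample tree.

```python
import re
import tempfile
import zipfile
from pathlib import Path

# Fixed releases named in the Struts advisory quoted above, keyed by branch.
FIXED = {(2, 3): (2, 3, 32), (2, 5): (2, 5, 10, 1)}
JAR_RE = re.compile(r"struts2-core-(\d+(?:\.\d+)*)\.jar$")

def classify(version: str) -> str:
    """Compare a struts2-core version with the fixed release of its branch."""
    parts = tuple(int(p) for p in version.split("."))
    fixed = FIXED.get(parts[:2])
    if fixed is None:
        return "check-advisory"  # branch not covered by the article
    width = max(len(parts), len(fixed))
    pad = lambda v: v + (0,) * (width - len(v))  # so 2.5.10 sorts below 2.5.10.1
    return "ok" if pad(parts) >= pad(fixed) else "update-needed"

def scan(root: Path):
    """Yield (location, version, verdict) for jars on disk or inside WAR/EAR files."""
    for path in sorted(root.rglob("*")):
        if not path.is_file():
            continue
        names = [path.name]
        if path.suffix.lower() in (".war", ".ear") and zipfile.is_zipfile(path):
            with zipfile.ZipFile(path) as archive:
                names = archive.namelist()
        for name in names:
            match = JAR_RE.search(name)
            if match:
                where = str(path) if name == path.name else f"{path}!{name}"
                yield where, match.group(1), classify(match.group(1))

def demo():
    """Scan a constructed tree of empty placeholder files (sample data only)."""
    with tempfile.TemporaryDirectory() as tmp:
        root = Path(tmp)
        (root / "lib").mkdir()
        (root / "lib" / "struts2-core-2.5.10.1.jar").touch()
        (root / "lib" / "struts2-core-2.3.31.jar").touch()
        with zipfile.ZipFile(root / "shop.war", "w") as war:
            war.writestr("WEB-INF/lib/struts2-core-2.5.10.jar", b"")
        return list(scan(root))

if __name__ == "__main__":
    for location, version, verdict in demo():
        print(f"{verdict:14} {version:9} {location}")
```

To use it on a real host, call `scan()` with the application server's deployment directory instead of the sample tree.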