Apache servers under attack through easily exploitable Struts 2 flaw (Help Net Security, March 2017)
A critical vulnerability in Apache Struts 2 is being actively and heavily exploited, even though the patch for it was released on Monday. System administrators are encouraged to upgrade to version 2.3.32 or 2.5.10.1 as soon as possible to avoid compromise.

What is Apache Struts 2, and how is the vulnerability exploited?

Apache Struts 2 is an open-source web application framework for developing Java EE web applications. The vulnerability (CVE-2017-5638), discovered and reported …
News URL
http://feedproxy.google.com/~r/HelpNetSecurity/~3/EHAnUViUdv4/
Related news
- Microsoft confirms memory leak in March Windows Server security update
- Crafting Shields: Defending Minecraft Servers Against DDoS Attacks
- 17,000+ Microsoft Exchange servers in Germany are vulnerable to attack, BSI warns
- New HTTP/2 Vulnerability Exposes Web Servers to DoS Attacks
- New HTTP/2 DoS attack can crash web servers with a single connection
- Apache Cordova App Harness Targeted in Dependency Confusion Attack
- New attack leaks VPN traffic using rogue DHCP servers
Related Vulnerability
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2017-03-11 | CVE-2017-5638 | Improper Input Validation vulnerability in Apache Struts. The Jakarta Multipart parser in Apache Struts 2 2.3.x before 2.3.32 and 2.5.x before 2.5.10.1 has incorrect exception handling and error-message generation during file-upload attempts, which allows remote attackers to execute arbitrary commands via a crafted Content-Type, Content-Disposition, or Content-Length HTTP header, as exploited in the wild in March 2017 with a Content-Type header containing a #cmd= string. | 10.0 |