Security News > 2017 > September > Easily exploitable Apache Struts vulnerability opens businesses to attack (Help Net Security)
A critical vulnerability in Apache Struts, a popular open source framework for developing web applications, opens any server running an app built using it to remote attackers. It can be exploited easily, by sending a specially crafted web request to the application and, according to SANS ISC handler Adrien de Beaupre, a working exploit has already been spotted. About the vulnerability The flaw (CVE-2017-9805) was spotted during a static code analysis by researchers with software … More →
News URL
http://feedproxy.google.com/~r/HelpNetSecurity/~3/-UsDdHqfRcY/
Related news
- Critical security hole in Apache Struts under exploit (source)
- New critical Apache Struts flaw exploited to find vulnerable servers (source)
- Patch Alert: Critical Apache Struts Flaw Found, Exploitation Attempts Detected (source)
- Stop LUCR-3 Attacks: Learn Key Identity Security Tactics in This Expert Webinar (source)
- Setting a security standard: From vulnerability to exposure management (source)
- T-Mobile US 'monitoring' China's 'industry-wide attack' amid fresh security breach fears (source)
- Microsoft Fixes AI, Cloud, and ERP Security Flaws; One Exploited in Active Attacks (source)
- Update your OpenWrt router! Security issue made supply chain attack possible (source)
- CERT-UA Warns of Phishing Attacks Targeting Ukraine’s Defense and Security Force (source)
- Apache issues patches for critical Struts 2 RCE bug (source)
Related Vulnerability
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2017-09-15 | CVE-2017-9805 | Deserialization of Untrusted Data vulnerability in multiple products The REST Plugin in Apache Struts 2.1.1 through 2.3.x before 2.3.34 and 2.5.x before 2.5.13 uses an XStreamHandler with an instance of XStream for deserialization without any type filtering, which can lead to Remote Code Execution when deserializing XML payloads. | 8.1 |