A Comprehensive Approach to Detect and Block the Struts Critical Vulnerability


With hackers taking advantage of the Apache Struts vulnerability and aggressively attacking enterprises worldwide, Qualys can protect your organization from this critical bug, which is hard to detect and difficult to patch.

Recently disclosed, the Struts vulnerability is being actively attacked in the wild, as hackers jump at the chance to hit high-profile targets by exploiting this critical bug. Struts, an Apache open source framework for creating “enterprise-ready” Java web applications, is abundantly present in large Internet companies, government agencies and financial institutions.

For an informative walkthrough of the vulnerability and the Qualys detections, please view the Detect and Block Apache Struts Bug webcast recording.

The Lowdown on the Vulnerability

In its emergency security alert, Apache classified the vulnerability in Struts’ Jakarta Multipart parser as high risk, warning of remote code execution (RCE) attacks, which can lead to complete system compromises.

Specifically, the affected parser, present in Struts 2.3.5 to 2.3.31 and in 2.5 to 2.5.10, mishandles file upload, which lets remote attackers execute arbitrary commands via a #cmd= string in a specially crafted Content-Type HTTP header, as described in the vulnerability’s CVE-2017-5638 entry.

Unfortunately, it’s very easy for hackers to spot vulnerable systems, and Struts exploits are publicly available, simple to carry out and reliable.

In our own detailed analysis, we noted that exploits of this vulnerability don’t necessarily require upload functionality to be implemented on a web app, and that they can be carried out with only the presence of a vulnerable library.
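As an added example that is not part of the original post or of any Qualys product, the following Python scanner illustrates the defensive side of the two points above: it inspects the Content-Type value of every request (not only upload endpoints) for the #cmd= string named in the CVE entry and for OGNL expression delimiters, after URL-decoding so that percent-encoded variants are not missed. The log format (a `ct="..."` field) and the sample lines are constructed assumptions.

```python
import re
from urllib.parse import unquote

# Indicators in a Content-Type value that point at an OGNL injection attempt
# against the Jakarta Multipart parser (CVE-2017-5638). A legitimate
# Content-Type never contains OGNL expression delimiters or "#cmd=".
OGNL_INDICATORS = (
    re.compile(r"%\{"),          # OGNL expression opener %{ ... }
    re.compile(r"\$\{"),         # alternative expression opener ${ ... }
    re.compile(r"#cmd=", re.I),  # the #cmd= string named in the CVE entry
)


def suspicious_content_type(value):
    """Return the indicator patterns matched by a Content-Type header value.

    The value is URL-decoded twice so that percent-encoded delimiters
    (e.g. %25%7B for "%{") are caught as well as the plain form.
    """
    decoded = unquote(unquote(value))
    return [p.pattern for p in OGNL_INDICATORS if p.search(decoded)]


def scan_access_log(lines):
    """Flag log lines whose Content-Type field looks like an OGNL injection.

    Assumes a hypothetical log format that records the request's
    Content-Type header in a ct="..." field; adapt the regex to the
    real format in use.
    """
    hits = []
    for line in lines:
        m = re.search(r'ct="([^"]*)"', line)
        if not m:
            continue
        matched = suspicious_content_type(m.group(1))
        if matched:
            hits.append((line, matched))
    return hits


# Constructed sample log lines, not real traffic. Note that the suspect
# requests are GETs to a page with no upload form at all.
SAMPLE_LOG = [
    '203.0.113.5 - - "POST /upload.action" 200 ct="multipart/form-data; boundary=----abc123"',
    '203.0.113.7 - - "GET /index.action" 200 ct="%{#cmd=\'EXAMPLE\'}"',
    '203.0.113.9 - - "POST /login.action" 200 ct="application/x-www-form-urlencoded"',
    '203.0.113.11 - - "GET /index.action" 200 ct="%25%7B(#cmd=\'EXAMPLE\')%7D"',
]

if __name__ == "__main__":
    for line, matched in scan_access_log(SAMPLE_LOG):
        print("SUSPECT", matched, line)
```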

Tackle Struts with Qualys

While the solutions sound straightforward on the surface (upgrade to Struts version 2.3.32 or 2.5.10.1, or switch to a different implementation of the parser), detecting the bug can be tricky for organizations, and patching it can be complicated and time consuming.

As Ars Technica stated recently, fixing the Struts vulnerability isn’t always straightforward because web apps often must be rebuilt and older apps may require exhuming “long-forgotten source code” and carefully testing the finished binary.

But Qualys can help you protect your organization. With AssetView, ThreatPROTECT, Vulnerability Management, Web Application Scanning and Web Application Firewall all bundled together in Qualys Suite, you can find Struts in your environment quickly, comprehensively and at scale, as well as shield your organization from Struts attacks while you identify and patch vulnerable systems…
