Apache Struts – Web Server Vulnerability Found

A recently patched web server vulnerability is being heavily attacked on the Internet. Hackers are exploiting a security vulnerability in the Apache Struts 2 web server. Financial institutions such as banks and credit unions, government agencies, and large Internet corporations are at risk from this web server vulnerability.

This vulnerability can allow a remote user to take almost full control of a web server. This open source software was patched two days ago. However, since the patch was released, hackers have been able to easily compromise systems that have not yet been patched.

This is a code execution bug, and two variations of it are available. The bug resides in the Jakarta file upload multipart parser.

Hackers are primarily submitting probing commands and then releasing malware. Apache Struts web server versions 2.3.5 to 2.3.31 include this vulnerability. Apache Struts web server versions 2.5 through 2.5.10 also include this vulnerability.

Web servers running Apache Struts should be upgraded to version 2.3.32 or 2.5.10.1 as soon as possible. Exploiting this security vulnerability requires no authentication, is highly reliable, and is pretty easy to implement.

Peter Bright, a technology editor, claims that perhaps one reason why this vulnerability is being exploited so much is that the patch requires code to be recompiled. Applications using Apache Struts version 2 must be recompiled with this patch. Quite often, patches are just installed and then the software's services are restarted or the web server is rebooted.

Recompiling software requires expertise that an average end user may not possess. This process is not as easy as downloading a web server update, installing it, and then restarting the web server service or the physical server that the web server software is installed on.

Basically, any individual can upload a file to an Apache Struts version 2 web server. That file can then execute programming code remotely, which is often referred to as remote code execution. This is a huge web server security risk.

The attack uses a malicious Content-Type value. If this value is not valid, an exception occurs and an error message is displayed to the end user.

This vulnerability deals exclusively with the Jakarta-based file upload multipart parser. You should upgrade Apache Struts version 2 to version 2.3.32 or to version 2.5.10.1.

Another option is to use a different multipart parser implementation. There are also two workarounds available. However, these would require an individual who has some computer programming experience.

For the first workaround, you would create a Servlet filter. This filter would validate the "Content-Type" header. If a value is suspicious and does not match "multipart/form-data", the request would be denied. The second workaround would require you to remove the "File Upload Interceptor" from the interceptor stack.

You will create a custom stack without that interceptor, then set your custom stack as the default. This second workaround will work only for Apache Struts versions 2.5.8 through 2.5.10.
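The first workaround (the Servlet filter that validates "Content-Type") could look like the following. This is an added example, not code from the original page or from the Apache Struts project; the class name `MultipartContentTypeFilter` is hypothetical, the `javax.servlet` API is assumed, and the strict pattern for an acceptable multipart value is this example's own assumption.

```java
import java.io.IOException;
import java.util.Locale;
import java.util.regex.Pattern;
import javax.servlet.Filter;
import javax.servlet.FilterChain;
import javax.servlet.FilterConfig;
import javax.servlet.ServletException;
import javax.servlet.ServletRequest;
import javax.servlet.ServletResponse;
import javax.servlet.http.HttpServletResponse;

// Hypothetical class name. Map it in web.xml ahead of the Struts filter,
// because filters run in the order of their filter-mapping entries.
public class MultipartContentTypeFilter implements Filter {

    // The only multipart form accepted (an assumption of this example): the bare
    // media type plus one boundary parameter of 1 to 70 RFC 2046 boundary characters.
    private static final Pattern STRICT_MULTIPART = Pattern.compile(
        "multipart/form-data\\s*;\\s*boundary=\"?[A-Za-z0-9'()+_,./:=?-]{1,70}\"?",
        Pattern.CASE_INSENSITIVE);

    // Pure decision logic, static so it can be unit tested without a container.
    static boolean isAcceptable(String contentType) {
        if (contentType == null) {
            return true;                 // no body type declared, e.g. a plain GET
        }
        String lower = contentType.toLowerCase(Locale.ROOT);
        if (!lower.contains("multipart/form-data")) {
            return true;                 // not a multipart claim; nothing to validate here
        }
        // Any value that mentions multipart/form-data must match the strict form
        // exactly, so extra text before or after the media type is refused.
        return STRICT_MULTIPART.matcher(contentType.trim()).matches();
    }

    @Override
    public void doFilter(ServletRequest req, ServletResponse res, FilterChain chain)
            throws IOException, ServletException {
        if (!isAcceptable(req.getContentType())) {
            // Deny before the request reaches any upload parser; never echo the header.
            ((HttpServletResponse) res).sendError(HttpServletResponse.SC_BAD_REQUEST);
            return;
        }
        chain.doFilter(req, res);
    }

    @Override public void init(FilterConfig config) { }
    @Override public void destroy() { }
}
```

A filter like this only narrows what reaches the parser; upgrading to 2.3.32 or 2.5.10.1 remains the fix.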

Apache Struts – Web Server Vulnerability Found Video Transcript

0:00

Ultra video party a quick video

0:03

pertaining to the Apache Struts web

0:05

server vulnerability that has been found

0:08

in the wild recently actually this was

0:10

patched two days ago however there are

0:13

quite a few hackers and attackers using

0:16

this exploit to their advantage and one

0:21

reason why it could be there's a

0:23

security researcher Peter Bright or a

0:25

security editor Peter Bright claims that

0:28

this is kind of a different type of a

0:30

patch a lot of times with web servers

0:32

and code when you install a patch you

0:38

just install the patch and you restart

0:40

those services that that code uses like

0:43

on Linux you would just restart the the

0:46

service for that software whereas in

0:50

this case this Apache Strutt software

0:53

it's open source it's open source to the

0:55

public however this requires that you

0:58

have you have to recompile that software

1:00

so any software application that uses

1:03

Apache Struts has to become recompiled

1:07

with the Pat the patch in place so it's

1:11

a little bit different and so he thinks

1:13

maybe that's why there's a lot of now

1:15

this is affecting banks governments and

1:19

agencies as well as large internet

1:23

corporations so there's quite a few

1:27

entities out there that are at risk so

1:30

basically it lives in I think it's the

1:33

Jakarta file upload multi-part parser it

1:37

can allow remote users to basically

1:41

compromise your entire web server or

1:43

just about just about your entire web

1:45

server they don't they don't need to

1:47

authenticate what else there's three

1:49

aspects there's two variations of this

1:52

bug out in public it's a code executing

1:56

bug they've been basically they've been

2:01

sending probing commands to the this a

2:05

web server with this vulnerability and

2:07

also malware they've been infecting web

2:10

servers with malware

2:11

but there was three aspects that I want

2:13

to go over about this let me see if I

2:22

can find it

2:24

other submitting probing commands and

2:27

releasing malware so very interesting it

2:35

doesn't affect me my website I don't use

2:37

this Apache Struts oh this is probably

2:40

important if you have Apache Struts

2:44

version 2.3.5 to 2.3.31 you want to

2:47

upgrade that if you have Apache Struts

2:49

2.5 through 2.5.10 you want to

2:54

upgrade and you want to upgrade Apache

3:00

Struts to 2.3.32 or 2.5.10.1 you should

3:07

upgrade immediately but you're gonna

3:09

have to recompile that code I'll here

3:13

here's the three main points I want to

3:15

go over muy rapido

3:17

it requires no authentication it's

3:20

highly reliable these exploits are

3:23

highly reliable and they're pretty easy

3:25

to implement for hackers attackers saw

3:28

there was an Apache Struts web server

3:31

vulnerability security vulnerability

3:32

found active uh deals