A web server exploit that was recently patched is being heavily attacked and compromised on the Internet. A security vulnerability is being exploited by hackers in the Apache Struts two web server. Financial institutions such as banks, credit unitions, government agencies, and large Internet corporations are at risk from this web server vulnerability.
This vulnerability can allow a remote user to capture almost full control of a web server. This open source software was patched two days ago. However, since this patch was released, hackers are able to easily compromise systems that have not yet been patched.
This is a software programming code executing a bug. Also, there are two variations of this bug available. Jakarta file upload multipart parser is the exact utility where this bug resides.
Hackers are primarily submitting probing commands and then releasing malware. Apache Struts web server version two dot three dot five 2.3.5 to two dot three dot thirty one 2.3.31 includes this vulnerability. Apache Struts web server version two dot five 2.5 through two dot five dot ten 2.5.10 also includes this vulnerability.
Web servers running Apache Struts version two dot three dot thirty two 2.3.32 or two dot five dot ten dot one 184.108.40.206 should be upgraded as soon as possible. This security vulnerability requires no authentication, is highly reliable, and is pretty easy to implement.
Peter Bright, a technology editor, claims that perhaps one reason why this exploit is being compromised so much is that this exploit requires code to become recompiled. Applications using Apache Struts version two web servers must be recompiled with this patch. Quite often, patches are just installed and services for software are restarted or a web server is rebooted instead.
Having to recompile computer software programming code requires expertise that an average enduser may not possess. This process is not as easy as just downloading a web server update then installing it. Follow by restarting the web server service or restarting the physical server that that web server software is installed on.
Basically, any individual can upload a file to an Apache Struts web server version two. Then that file can execute programming code remotely, which is often times referred to as remote code execution. This is a huge web server security risk.
A malicious content type value would be used. If this value is not valid, then an exception would occur. An error message will be displayed to the enduser.
This vulnerability deals exclusively with the Jakarta-based file upload multi part parser utility. You should upgrade Apache Struts web server version two to version two dot three dot thirty two 2.3.32 or to version two dot five dot ten dot one 220.127.116.11.
Another option is to use a different multipart parser implementation. There are two workarounds available. However, this would require an individual that has some computer programming experience.
You would want to create a "Servlet" filter. This filter would validate the "Content-Type". If any values do not match the "multipart/form-data" object, then this request would be denied. The second work around would require you to remove the "File Upload Interceptor" from this abstract data stack.
You will create a custom data stack. Then set your custom data stack as default. This second workaround will work only for Apache Struts versions two dot 5 dot eight 2.5.8 through two dot five dot ten 2.5.10.
Apache Struts – Web Server Vulnerability Found Video Transcript
Ultra video party a quick video
pertaining to the suppose she struts web
server vulnerability that has been found
in the wild recently actually this was
patched two days ago however there are
quite a few hackers and attackers using
this exploit to their advantage and one
reason why it could be there's a
security researcher Peter bright or a
security editor Peter bright claims that
this is kind of a different type of a
patch a lot of times with web servers
and code when you install a patch you
just install the patch and you restart
those services that that code uses like
on Linux you would just restart the the
service for that software whereas in
this case this Apache Strutt software
it's open source it's open source to the
public however this requires that you
have you have to recompile that software
so any software application that uses
Apache struts has to become recompiled
with the Pat the patch in place so it's
a little bit different and so he thinks
maybe that's why there's a lot of now
this is affecting banks governments and
agencies as well as large internet
corporations so there's quite a few
entities out there that are at risk so
basically it lives in I think it's the
Jakarta file upload multi-part parser it
can allow remote users to basically
compromise your entire web server or
just about just about your entire web
server they don't they don't need to
authenticate what else there's three
aspects there's two variations of this
bug out in public it's a code executing
bug they've been basically they've been
sending probing commands to the this a
web server with this vulnerability and
also malware they've been infecting web
servers with malware
but there was three aspects that I want
to go over about this let me see if I
can find it
other submitting probing commands and
releasing malware so very interesting it
doesn't affect me my website I don't use
this Apache struts oh this is probably
important if you have a patchy stress
version 2.3.5 to 2.3.3 one you want to
upgrade that if you have a patchy stress
2.5 through 2.5 to 10 you want to
upgrade and you want to upgrade Apache
struts to 2.3.3 2 or 2.5 10.1 you should
upgrade immediately but you're gonna
have to recompile that code i'll here
here's the three main points i want to
go over muy rapido
it requires no authentication it's
highly reliable these exploits are
highly reliable and they're pretty easy
to implement for hackers attackers saw
there was an Apache struts web server
vulnerability security vulnerability
found active uh deals