New Apache Struts 2 Vulnerability Targets Servers
A new vulnerability has been found in Apache Struts 2 (vulnerability code is CVE-2017-9805), and open-source web application framework created to develop Java applications. This is not the first time a serious vulnerability is linked to Struts, and one of them was directly linked to the infamous Cerber Ransomware, which we discuss further in the report. The current vulnerability could be exploited to enable remote access to a vulnerable server. A security patch has been created to fix the issue, but many users still remain vulnerable. All Strut users are urged to apply the patch before cyber criminals exploit it to spread malware and take control of servers using the given remote access.
The biggest issue with the Apache Struts 2 vulnerability is that many web applications are built using this open-source framework, which means that cyber criminals have great chances at exploiting the vulnerability. The vulnerability itself, as mentioned previously, enables remote access, which can be achieved by performing remote code execution. As described by Margaret Rouse at whatis.com, remote code execution is the ability an attacker has to access someone else's computing device and make changes. Once the so-called attacker gains access to the targeted system, they have the ability to do whatever they want, which, in most cases, results in the downloading and executing of malware. That is one way for cyber criminals to spread their devious infections. If there is one single web application that uses the Apache Strut REST communication plugin, the server is vulnerable and could become a target of attackers.
Back in March 2017, vulnerability in the Apache Struts 2 (CVE-2017-5638) was employed for the distribution of the Cerber Ransomware. By exploiting the vulnerability, the creator of this infamous ransomware could execute a malicious code to a server and then encrypt all files found on it. Cyber criminals could run BITSAdmin, execute shell commands, and do other things that enabled them to download and execute the malicious infection. The devious Cerber Ransomware is a well-known file-encryptor that first emerged back in 2016. Once the files are encrypted, the threat introduces the victim to ransom demands that always include paying a ransom. Paying the ransom is not recommended because that is never exchanged for a decryptor that is promised. If you want to learn more about this malicious ransomware, click HERE.
As per usual, cyber attackers are after big companies and organizations. It is most important that the security vulnerability is patched, which can be done by downloading the 2.5.13 version of Apache Struts. Apache Software Foundation released this version with a patch. Unfortunately, that is unlikely to be enough to keep cyber criminals/attackers away. It is recommended that vulnerable sites are rebuilt and tested for malicious code. Developers are also advised to change the code that is employed to call the Struts framework. Since multiple apps can be run on one site, solving the security issues linked to the Apache Struts 2 exploit can be quite difficult and time-consuming. In this situation, downloading the latest version of Apache Struts and taking security measures is all that the developers of web applications can do. The responsibility, at least in this case, falls on Apache Software Foundation because the creator is responsible for discovering and patching vulnerabilities in time.