Some of Our Sources
- BoingBoing
- Technology Review
- Team Treehouse
- Joshua Blankenship
- Abduzeedo
- Creative Curio
- Design Modo
- Daily Now
- The Verge
- TechPowerUp
Help Webnuz
Referal links:
March 10, 2017 12:00 pm
Original Link: http://rss.slashdot.org/~r/Slashdot/slashdot/~3/HTypCqZmRcM/apache-servers-under-attack-through-easily-exploitable-struts-2-flaw
Apache Servers Under Attack Through Easily Exploitable Struts 2 Flaw
Orome1 quotes a report from Help Net Security: A critical vulnerability in Apache Struts 2 is being actively and heavily exploited, even though the patch for it has been released on Monday. The vulnerability (CVE-2017-5638) affects the Jakarta file upload Multipart parser in Apache Struts 2. It allows attackers to include code in the "Content-Type" header of an HTTP request, so that it is executed by the web server. Almost concurrently with the release of the security update that plugs the hole, a Metasploit module for targeting it has been made available. Unfortunately, the vulnerability can be easily exploited as it requires no authentication, and two very reliable exploits have already been published online. Also, vulnerable servers are easy to discover through simple web scanning. "Struts 2 is a Java framework that is commonly used by Java-based web applications," reports SANS ISC in their blog. "It is also known as 'Jakarta Struts' and 'Apache Struts.' The Apache project currently maintains Struts." Cisco Talos also has a blog detailing the attack.Read more of this story at Slashdot.
Original Link: http://rss.slashdot.org/~r/Slashdot/slashdot/~3/HTypCqZmRcM/apache-servers-under-attack-through-easily-exploitable-struts-2-flaw
Share this article:
Tweet
View Full Article
Slashdot
Slashdot was originally created in September of 1997 by Rob "CmdrTaco" Malda. Today it is owned by Geeknet, Inc..More About this Source Visit Slashdot