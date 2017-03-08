News

Cisco and Apache issue warnings over Zero-Day flaw being targeted in the wild

Cisco's Talos team says 0-day being targeted affects Apache Struts, updates available

CSO |


Cisco's Talos says they've observed active attacks against a Zero-Day vulnerability in Apache's Struts, a popular Java application framework. Cisco started investigating the vulnerability shortly after it was disclosed, and found a number of active attacks.

In an advisory issued on Monday, Apache says the problem with Struts exists within the Jakarta Multipart parser.

"It is possible to perform a RCE attack with a malicious Content-Type value. If the Content-Type value isn't valid an exception is thrown which is then used to display an error message to a user," the warning explained.

"If you are using Jakarta based file upload Multipart parser, upgrade to Apache Struts version 2.3.32 or 2.5.10.1. You can also switch to a different implementation of the Multipart parser."

The alternative is the Pell parser plugin, which uses Jason Pell's multipart parser instead of the Common-FileUpload library, Apache explains. More information can be found in their documentation.

In addition, administrators concerned about the issue could just apply the proper updates, which are currently available.

In a blog post, Cisco said they discovered a number of attacks that seem to be leveraging a publicly released proof-of-concept to run various commands. Such commands include simple ones ('whoami') as well as more sophisticated ones, including pulling down a malicious ELF executable and running it.

An example of one attack, which attempts to copy the file to a harmless directory, ensure the executable runs, and ensure that the firewall is disabled at boot-up, is below:

[Image: Attack example on Apache Struts. Credit: Cisco Talos]


Both Cisco and Apache urge administrators to take action, either by patching or ensuring their systems are not vulnerable.
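One way to look for the invalid Content-Type values the Apache advisory describes is to check logged request headers against the HTTP media-type grammar. This is an added example, not code from the article, Cisco or Apache; the tab-separated log layout (client, method, path, status, Content-Type), the 256-character limit and the function names are assumptions made for illustration.

```python
import re

# Media-type grammar per RFC 7231 section 3.1.1.1 (token, quoted-string: RFC 7230).
TOKEN = r"[!#$%&'*+.^_`|~0-9A-Za-z-]+"
QUOTED = r'"(?:[^"\\\x00-\x1f\x7f]|\\[\x20-\x7e])*"'
PARAM = rf"[ \t]*;[ \t]*{TOKEN}=(?:{TOKEN}|{QUOTED})"
MEDIA_TYPE = re.compile(rf"{TOKEN}/{TOKEN}(?:{PARAM})*[ \t]*")
MAX_LEN = 256  # assumed upper bound for a legitimate Content-Type header


def content_type_problem(value):
    """Return None for a well-formed Content-Type, else a short reason."""
    if len(value) > MAX_LEN:
        return "too long"
    if MEDIA_TYPE.fullmatch(value) is None:
        return "not a media type"
    return None


def suspicious_requests(log_lines):
    """Return (line number, client, path, reason) for each record to review."""
    findings = []
    for number, line in enumerate(log_lines, 1):
        fields = line.rstrip("\n").split("\t")
        if len(fields) != 5:
            findings.append((number, "?", "?", "malformed record"))
            continue
        client, _method, path, _status, ctype = fields
        if ctype == "-":  # request carried no Content-Type header
            continue
        reason = content_type_problem(ctype)
        if reason:
            findings.append((number, client, path, reason))
    return findings


# Constructed sample records (documentation IP ranges, placeholder header text).
SAMPLE_LOG = [
    "198.51.100.7\tPOST\t/upload.action\t200\tmultipart/form-data; boundary=----abc123",
    "198.51.100.7\tGET\t/index.action\t200\t-",
    "203.0.113.9\tPOST\t/upload.action\t500\tCONSTRUCTED (stand-in for non-MIME text)",
    "192.0.2.44\tPOST\t/api/save.action\t200\tapplication/json; charset=\"utf-8\"",
    "203.0.113.9\tGET\t/login.action\t200\ttext/plain;x=" + "a" * 300,
]

if __name__ == "__main__":
    for finding in suspicious_requests(SAMPLE_LOG):
        print(*finding, sep=" | ")
```

A clean scan does not show that a server is patched; the fix the advisory gives is still the upgrade to Struts 2.3.32 or 2.5.10.1.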

This isn't the first time the Struts platform has come under attack. In 2013, Chinese hackers were using an automated tool to exploit known vulnerabilities in order to install a backdoor.


Steve Ragan is senior staff writer at CSO. Prior to joining the journalism world in 2005, Steve spent 15 years as a freelance IT contractor focused on infrastructure management and security.
