Mirai, Gafgyt IoT botnets stab systems with Apache Struts, SonicWall exploits
|
Tag Archive for: Apache
Ransomware Gang Made Over $100000 by Exploiting Apache Struts Zero-Day – BleepingComputer
|
Ransomware Gang Made Over $ 100000 by Exploiting Apache Struts Zero–Day
BleepingComputer For their attacks, the groups are using a zero–day in Apache Struts, disclosed and immediately fixed last month by Apache. The vulnerability, CVE-2017-5638, allows an attacker to execute commands on the server via content uploaded to the Jakarta … |
Apache Struts 2 exploit used to install ransomware on servers
Attackers are exploiting a vulnerability patched last month in the Apache Struts web development framework to install ransomware on servers.
The SANS Internet Storm Center issued an alert Thursday, saying an attack campaign is compromising Windows servers through a vulnerability tracked as CVE-2017-5638.
The flaw is located in the Jakarta Multipart parser in Apache Struts 2 and allows attackers to execute system commands with the privileges of the user running the web server process.
This vulnerability was patched on March 6 in Struts versions 2.3.32 and 2.5.10.1. Attackers started exploiting the flaw almost immediately, leaving very little time for server administrators to deploy the update.
To read this article in full or to leave a comment, please click here
Cisco issues critical warning around Apache Struts2 vulnerability
Cisco’s security team today called the weakness in Apache Struts “critical” and is evaluating many its products to assess the impact.
The company said it will publish a list of vulnerable products here as it learns of them.
Earlier this week Apache revealed a vulnerability in the Jakarta multipart parser used in Apache Struts2 that could let an attacker execute commands remotely on the targeted system using what’s known as acrafted Content-Type header value.
-More on Network World: Cisco’s Jasper deal – one year, 18 million new IoT devices later, challenges remain+
To read this article in full or to leave a comment, please click here