Apache Struts

Pierluigi Paganini April 13, 2022
CVE-2021-31805 RCE bug in Apache Struts was finally patched

Apache addressed a critical flaw in Apache Struts RCE that was linked to a previous issue that was not properly fixed. Apache Struts is an open-source web application framework for developing Java EE web applications. The Apache Software Foundation urges organizations to address a vulnerability, tracked as CVE-2021-31805, affecting Struts versions ranging 2.0.0 to 2.5.29. […]

Pierluigi Paganini November 07, 2018
Apache Struts users have to update FileUpload library to fix years-old flaws

Apache Struts Users have to update the Commons FileUpload library in Struts 2 that is affected by two vulnerabilities. Apache Struts developers have addressed two vulnerabilities in the Commons FileUpload library in Struts 2, the flaws can be exploited for remote code execution and denial-of-service (DoS) attacks. “Apache today released an advisory, urging users who run Apache Struts 2.3.x to […]

Pierluigi Paganini September 10, 2018
GAO Report shed the lights on the failures behind the Equifax hack

A new report from the U.S. Government Accountability Office (GAO) provides detailed information of the Equifax hack. The Equifax hack occurred in May 2017 when attackers exploited the CVE-2017-5638 Apache Struts vulnerability in the Jakarta Multipart parser upload function. The flaw allowed the attacker to make a maliciously crafted request to an Apache web server and gain access […]

Pierluigi Paganini September 10, 2018
Mirai and Gafgyt target Apache Struts and SonicWall to hit enterprises

Security experts with Unit 42 at Palo Alto Networks have discovered new variants of the Mirai and Gafgyt IoT malware targeting enterprises. Both botnets appear very interesting for two main reasons: The new Mirai variant targets the same Apache Struts vulnerability exploited in the 2017 Equifax data breach. The vulnerability affects the Jakarta Multipart parser upload […]

Pierluigi Paganini August 22, 2018
Expert discovered a Critical Remote Code Execution flaw in Apache Struts (CVE-2018-11776)

Maintainers of the Apache Struts 2 open source development framework has released security updates to address a critical remote code execution vulnerability. Security updates released this week for the Apache Struts 2 open source development framework addressed a critical RCE tracked as CVE-2018-11776. The vulnerability affects Struts versions from 2.3 through 2.3.34, Struts 2.5 through 2.5.16, and […]

Pierluigi Paganini April 19, 2017
Oracle patch update for April 2017 also fixed Struts and Shadow Brokers exploits

Oracle patch update for April 2017 fixed a record number of vulnerabilities, including Apache Struts and Shadow Brokers exploits. Oracle has released security updates to fix flaws in its product, including Apache Struts and a Solaris exploit included in a dump leaked by the Shadow Brokers hackers and containing NSA documents and hacking tools. The Oracle patch update […]

Pierluigi Paganini April 14, 2017
Cisco warns of two critical issues in IOS and Apache Struts

Cisco issued two “critical” security advisories, one for Cisco IOS and Cisco IOS XE Software, another for a flaw affecting Apache Struts 2. Today Cisco issued two “critical” security advisories, the first one for Cisco IOS and Cisco IOS XE Software, the second one for the recently discovered flaw affecting Apache Struts 2. The vulnerability […]

Pierluigi Paganini March 14, 2017
Canadian agency breached as hackers exploit CVE-2017-5638 flaw in Apache Struts 2

Canada Revenue Agency confirmed it shut down its website for filing federal taxes due to a cyber attack leveraging the CVE-2017-5638 flaw in Apache Struts 2 The Canada Revenue Agency (CRA) confirmed it shut down its website for filing federal taxes after hackers broke into the server at the nation’s statistics bureau. The security breach occurred […]

Pierluigi Paganini March 09, 2017
Patch Apache Struts 2 Now! Hackers are exploiting a remote code execution zero-day in the wild

Researchers have spotted a remote code execution zero-day in Apache Struts 2, the flaw has being exploiting by that threat actors in the wild. Security researchers have spotted a remote code execution zero-day, tracked as CVE-2017-5638, in Apache Struts 2, and the bad news is that threat actors in the wild are already exploiting it. According to […]

Pierluigi Paganini September 05, 2014
IptabLes and IptabLex botnet targeting Linux servers to run large-scale DDoS attacks

Experts at Akamai-Prolexic discovered a botnet dubbed IptabLes and IptabLex that infects and exploits poorly-maintained Linux servers to run DDoS attacks. Akamai’s Prolexic division has uncovered a new botnet dubbed IptabLes and IptabLex, which was used in a series of attacks targeting malware based on Linux servers. The experts revealed that the IptabLes and IptabLex botnet compromises misconfigured and […]