Monday, March 20, 2017

Circling the Wagons Against Apache Struts2 0-Day

Apache Struts is an open-source framework for creating Java applications. A new Apache Struts 0-day is currently being exploited in the wild. Multiple variants of attack code, as well as pastes of Proof of Concept (PoC) code, have already been discovered in open sources. The Apache Struts2 vulnerability affects numerous industries and, potentially, critical infrastructure worldwide. We assess with high confidence that the Apache Struts2 vulnerability will continue to be heavily exploited until network systems are patched. Members are highly encouraged to implement countermeasures and install patches as soon as possible.

Wapack Labs has cataloged and reported extensively on Apache Struts in the past. An archive of related reporting can be found in the Red Sky Alliance portal.