The eSentire Security Operations Center (SOC) is observing a widespread, marked increase of scanning and exploitation events across multiple targets originating from IP ranges across the globe.

What you should do about it:

We recommend scanning all internet-facing servers for CVE-2017-5638 and remediating any vulnerable servers on your network immediately. Observed exploitation allows the execution of arbitrary commands and remote code on the target server without any authentication. The attacks take advantage of the Jakarta Multipart parser in Apache Struts 2 versions 2.3.x before 2.3.32 and 2.5.x before 2.5.10.1.

  • Validate if you are using the Apache Struts 2 web application framework.
  • All versions except 2.5.10.1 and 2.3.32 are vulnerable and should be patched as soon as possible.
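
One way to run the validation step on a server's filesystem, as an added example (not eSentire tooling): it finds `struts2-core-<version>.jar` files, including those packaged one level deep inside WAR/EAR archives, and compares each version against the fixed releases named above. It assumes the jar keeps its standard file name; branches other than 2.3.x and 2.5.x are reported as `review` rather than classified.

```python
import re
import sys
import zipfile
from pathlib import Path

# Standard artifact name for the Struts 2 core library (assumed not renamed).
JAR_RE = re.compile(r"struts2-core-(\d+(?:\.\d+)+)\.jar$")
# First fixed release per branch, taken from the advisory text.
FIXED = {(2, 3): (2, 3, 32), (2, 5): (2, 5, 10, 1)}


def classify(version):
    """Return 'vulnerable', 'fixed' or 'review' for a struts2-core version."""
    parts = tuple(int(p) for p in version.split("."))
    fixed = FIXED.get(parts[:2])
    if fixed is None:
        return "review"  # branch outside the ranges the advisory names
    # Tuple comparison orders (2, 5, 10) below (2, 5, 10, 1).
    return "vulnerable" if parts < fixed else "fixed"


def scan(root):
    """Yield (location, version, status) for each struts2-core jar under root."""
    for path in Path(root).rglob("*"):
        if not path.is_file():
            continue
        match = JAR_RE.search(path.name)
        if match:
            yield str(path), match.group(1), classify(match.group(1))
        elif path.suffix.lower() in (".war", ".ear") and zipfile.is_zipfile(path):
            # Look one level into the archive (e.g. WEB-INF/lib/*.jar);
            # archives nested inside archives are not unpacked.
            with zipfile.ZipFile(path) as archive:
                for name in archive.namelist():
                    match = JAR_RE.search(name)
                    if match:
                        version = match.group(1)
                        yield f"{path}!{name}", version, classify(version)


if __name__ == "__main__":
    # Usage: python find_struts.py /path/to/app/server/root
    target = sys.argv[1] if len(sys.argv) > 1 else "."
    for location, version, status in scan(target):
        print(f"{status:10} {version:10} {location}")
```

A clean result only shows that no conventionally named jar was found; applications that shade or rename the library still need a dependency review.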

This security advisory has been issued as a follow-up to the CVE-2017-5638 Apache Struts 2 Remote Code Execution Vulnerability.

eSentire Media Contacts

Mandy Bachus | eSentire | [email protected] | +1 519.651.2200 x5226 | @MandyBachus

Angela Tuzzo | MRB Public Relations | [email protected] | +1 732.758.1100 x105 | @MRB_PR
