Company

ABOUT ESENTIRE

eSentire is The Authority in Managed Detection and Response Services, protecting the critical data and applications of 2000+ organizations in 80+ countries from known and unknown cyber threats. Founded in 2001, the company’s mission is to hunt, investigate and stop cyber threats before they become business disrupting events.

About Us →

Leadership →

Careers →

Event Calendar →

Newsroom →

Aston Villa Football Club →

EVENT CALENDAR

May

May TRU Intelligence Briefing

May

Elevate IT Technology Summit Kansas City

May

Cybersecurity Summit Toronto

May

Cybersec Brussels

May

Cybersecurity Summit Austin

View Calendar →

LATEST PRESS RELEASE

Mar 06, 2025

eSentire Unleashes AI-Driven Atlas Nexus Network, Empowering Cybersecurity Partners to Build Differentiated Security Services at Scale

View Newsroom →

OUR PARTNERSHIPS

Aston Villa Football Club

AVFC takes its cyber protection to the Next Level with eSentire as its official cybersecurity partner.

Learn More

Partners

PARTNER PROGRAM

We provide sophisticated cybersecurity solutions for Managed Security Service Providers (MSSPs), Managed Service Providers (MSPs), and Value-Added Resellers (VARs). Find out why you should partner with eSentire, the Authority in Managed Detection and Response, today.

LEARN MORE →

Apply to become an e3 ecosystem partner with eSentire today.

APPLY NOW →

Speak With A Security Expert Now

TALK TO AN EXPERT

The eSentire threat intelligence team has observed ongoing network attacks targeting vulnerable Apache Struts 2 web frameworks. The vulnerability CVE-2017-5638 is being actively exploited in the wild resulting in the compromise of integrity and confidentiality of web servers. All customers are advised to scan for and perform remediation on any vulnerable servers on their network immediately.

The Vulnerability

The exploitation of the Struts 2 vulnerability allows the execution of arbitrary commands and remote code on the target server without any authentication. Attackers have been observed installing various types of malware onto vulnerable systems. Compromised web servers can be used to spread malware to website visitors, or users, the compromised server can hijack for ransom or used facilitate further attacks that may result in financial and reputational damage to the affected organizations.

Recommended Actions

Validate if you are using the Apache Struts 2 web application framework.
Be aware that all versions except 2.5.10.1 and 2.3.32 are considered to be vulnerable and should be patched as soon as possible.
If you are suspicious of compromise isolate the potentially affected server from the network and run a code validation to check for any unauthorized modifications.

eSentire Protection

eSentire will continue to monitor the networks of our customers for signs of exploitations and activity related to this attack.
Affected customers have been alerted as a part of monitoring practices.
eSentire is working closely with the security community and partners to monitor any external developments of this threat.
For CVS customers a check for CVE-2017-5638 will be included in the next weekly external and monthly internal scans. This scan can also be performed outside the schedule upon request if required it sooner.

Additional Details

Vulnerable versions of Apache Struts include 2.3.5 through 2.3.31 and 2.5 through 2.5.10. These should be upgraded to 2.3.32 or 2.5.10.1, which are not vulnerable.
The vulnerability affects the Jakarta file upload multipart parser, which is part of a standard deployment of Apache Struts 2.
Exploitation involves sending an HTTP payload with a specially crafted Content-Type value to the vulnerable server.
File upload functionality does not have to be enabled on the victim server in order for the vulnerability to be exploitable.

Additional Details

Vulnerability information: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5638
Exploitation framework: https://github.com/rapid7/metasploit-framework/issues/8064

ESENTIRE SERVICES

Managed Detection and Response

All-In-One MDR Solution →

MDR for Microsoft →

MDR for GenAI →

Digital Forensics and Incident Response

Continuous Threat Exposure Management (CTEM)

PLATFORM, PEOPLE AND RESPONSE

Security Operations Center (SOC)

Extended Detection and Response (XDR)

Technology Integrations

Threat Response Unit (TRU)

Cyber Resilience Team

Response and Remediation

MDR Packages and 24/7 Protection

MDR Pricing and Packages

Atlas Essentials

Atlas Advanced

Atlas Complete

24/7 Coverage

Endpoint

Network

Log

Cloud

Identity

INDUSTRIES

Insurance

Construction

Finance

Legal

Manufacturing

Private Equity

Healthcare

Retail

Food Supply

Government and Education

Automotive Dealerships

USE CASES

Ransomware

Cybersecurity Compliance

Zero Day Attacks

Cloud Misconfiguration

Third-Party Risk

Do More With Less

Cyber Risk

Cyber Insurance

Sensitive Data Security

Security Leadership

Cyber Threat Intelligence

From The Blog

Pure Crypter Malware Analysis: 99 Problems but Detection Ain’t One

MDR Vendors: Complete Guide to Understanding Managed Detection & Response…

Identity is the New Attack Surface: Why Threat Detection Alone Isn't…

Resources

Case Studies

TRU Intelligence Center

Cybersecurity Tools

Videos

Reports

Webinars

Data Sheets

Real vs. Fake MDR

Compare MDR Vendors

Blogs

Security Advisories

SECURITY ADVISORIES

Maximum Severity SAP Vulnerability Exploited

CrushFTP Authentication Bypass