The eSentire Security Operations Center (SOC) is observing a widespread, marked increase of scanning and exploitation events across multiple targets originating from IP ranges across the globe.
What you should do about it:
We recommend scanning all internet facing servers for
- Validate if you are using the Apache Struts 2 web application framework.
- All versions except 220.127.116.11 and 2.3.32 are vulnerable and should be patched as soon as possible.
This security advisory has been issued as follow up to the CVE-2017-5638 Apache Struts 2 Remote Code Execution Vulnerability.