The eSentire Security Operations Center (SOC) is observing a widespread, marked increase in scanning and exploitation events across multiple targets, originating from IP ranges across the globe.

What you should do about it:

We recommend scanning all internet-facing servers for CVE-2017-5638 and immediately remediating any vulnerable servers on your network. Observed exploitation allows the execution of arbitrary commands and remote code on the target server without any authentication. It takes advantage of the Jakarta Multipart parser in Apache Struts 2 versions 2.3.x before 2.3.32 and 2.5.x before 2.5.10.1.

  • Verify whether you are using the Apache Struts 2 web application framework.
  • All versions except 2.5.10.1 and 2.3.32 are vulnerable and should be patched as soon as possible.
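One way to carry out both checks on a server's file system is sketched below. It is an added example, not eSentire tooling. It assumes the Struts core library is deployed under its standard Maven artifact name (`struts2-core-<version>.jar`), either unpacked or inside a WAR/EAR archive, and it applies the version ranges stated in this advisory. The function names and the `unlisted` status are hypothetical.

```python
import os
import re
import sys
import zipfile

# Maven artifact naming for the Struts 2 core library: struts2-core-<version>.jar
JAR_RE = re.compile(r"struts2-core-(\d+(?:\.\d+)*)[^/\\]*\.jar$")

# First fixed release per branch, as stated in the advisory.
FIXED = {(2, 3): (2, 3, 32), (2, 5): (2, 5, 10, 1)}

def classify(version_text):
    """Return 'affected', 'fixed' or 'unlisted' (branch not in the advisory's ranges)."""
    version = tuple(int(p) for p in version_text.split("."))
    fixed = FIXED.get(version[:2])
    if fixed is None:
        return "unlisted"  # review by hand; the advisory gives no range for it
    width = max(len(version), len(fixed))
    pad = lambda v: v + (0,) * (width - len(v))  # so 2.5.10 compares below 2.5.10.1
    return "affected" if pad(version) < pad(fixed) else "fixed"

def find_struts_jars(root):
    """Yield (location, version) for core jars on disk and inside WAR/EAR archives."""
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            path = os.path.join(dirpath, name)
            match = JAR_RE.search(name)
            if match:
                yield path, match.group(1)
            elif name.lower().endswith((".war", ".ear")):
                try:
                    with zipfile.ZipFile(path) as archive:
                        for entry in archive.namelist():
                            match = JAR_RE.search(entry)
                            if match:
                                yield f"{path}!{entry}", match.group(1)
                except (zipfile.BadZipFile, OSError):
                    continue  # unreadable archive: skip it, keep scanning

def scan(root):
    """Return a sorted list of (location, version, status) for every core jar found."""
    return sorted((loc, ver, classify(ver)) for loc, ver in find_struts_jars(root))

if __name__ == "__main__":
    # Assumption: the directory to inventory is passed as the first argument.
    for loc, ver, status in scan(sys.argv[1] if len(sys.argv) > 1 else "."):
        print(f"{status:9} {ver:10} {loc}")
```

A jar that has been renamed or repackaged into another library will not match the filename pattern, so an empty result does not by itself show that a server is free of Struts 2.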

This security advisory has been issued as a follow-up to the CVE-2017-5638 Apache Struts 2 Remote Code Execution Vulnerability.
