Apache Struts (CVE-2017-9805)



On 05 September 2017, security researchers announced (https://lgtm.com/blog/apache_struts_CVE-2017-9805_announcement) a critical remote code execution vulnerability in Apache Struts.

All Struts versions from 2008 onwards are affected, making web applications that use the REST plugin vulnerable. Upgrading to Apache Struts version 2.5.13 or 2.3.34 is recommended.

Exploitation of the vulnerability allows an attacker to execute arbitrary code on the application server. It can be triggered by a web request that takes advantage of the way Struts deserializes untrusted data.

It has been claimed that at least 65% of Fortune 100 companies use web applications built with the Struts framework. Additionally, there have been reports of multiple working exploits for CVE-2017-9805 being observed in the wild.

Since the announcement of CVE-2017-9805, the AppCheck research and development team have created a plugin to detect this vulnerability in Struts applications.
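
To act on the upgrade advice above, the following Python triages a listing of JAR files for the Struts REST plugin and compares each version with the fixed releases 2.3.34 and 2.5.13. It is an added example, not AppCheck's plugin or code from the original advisory; the `struts2-rest-plugin-<version>.jar` naming follows the Maven artifact name, the mapping of release lines to thresholds is an assumption, and the sample paths are constructed.

```python
import re
from pathlib import PurePosixPath

# Fixed releases named in the advisory; which release line maps to which
# threshold is an assumption of this example.
FIXED_2_3 = (2, 3, 34)
FIXED_2_5 = (2, 5, 13)
REST_JAR = re.compile(r"^struts2-rest-plugin-(.+)\.jar$")  # Maven artifact name
NUMERIC = re.compile(r"^\d+(\.\d+)*$")


def classify(raw_version):
    """Return 'upgrade', 'fixed' or 'review' for a REST plugin version string."""
    if not NUMERIC.match(raw_version):
        return "review"  # suffixes such as -SNAPSHOT need a manual look
    version = tuple(int(part) for part in raw_version.split("."))
    threshold = FIXED_2_5 if version >= (2, 5) else FIXED_2_3
    return "upgrade" if version < threshold else "fixed"


def triage(jar_paths):
    """Return (path, version, status) for each REST plugin JAR in a listing."""
    findings = []
    for path in jar_paths:
        match = REST_JAR.match(PurePosixPath(path).name)
        if match:  # other JARs are outside the scope of this advisory
            findings.append((path, match.group(1), classify(match.group(1))))
    return findings


# Constructed sample listing, as produced by e.g. `find /opt -name '*.jar'`.
SAMPLE = [
    "/opt/tomcat/webapps/shop/WEB-INF/lib/struts2-core-2.3.31.jar",
    "/opt/tomcat/webapps/shop/WEB-INF/lib/struts2-rest-plugin-2.3.31.jar",
    "/opt/tomcat/webapps/api/WEB-INF/lib/struts2-rest-plugin-2.5.13.jar",
    "/opt/tomcat/webapps/hr/WEB-INF/lib/struts2-rest-plugin-2.5.10.1.jar",
    "/opt/tomcat/webapps/old/WEB-INF/lib/struts2-rest-plugin-2.3.34.jar",
    "/opt/tomcat/webapps/dev/WEB-INF/lib/struts2-rest-plugin-2.3.20-patched.jar",
    "/opt/tomcat/webapps/cms/WEB-INF/lib/struts2-core-2.5.12.jar",
]

if __name__ == "__main__":
    for path, version, status in triage(SAMPLE):
        print(f"{status:8} {version:16} {path}")
```

Applications that ship only `struts2-core` are not reported, since the advisory scopes the issue to the REST plugin; entries marked `review` carry a version string the script cannot compare.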