On Wednesday, August 22, 2018, the Apache Foundation released a security bulletin for a critical vulnerability in the Apache Struts framework. This bulletin stated that the vulnerability, assigned CVE-2018-11776, could potentially allow for remote code execution if successfully exploited.

Only a day later, on August 23, 2018, a researcher released a proof of concept (PoC) exploit for this vulnerability: https://github.com/jas502n/St2-057/blob/master/README.md

On August 24, 2018, a Python script was released to make use of the exploit: https://github.com/pr4jwal/quick-scripts/blob/master/s2-057.py

Shortly after the PoC code was released, Volexity began observing active scanning and attempted exploitation of the vulnerability across its sensor network. The in-the-wild attacks observed thus far appear to have been taken directly from the publicly posted PoC code. In this instance, Apache Struts is vulnerable due to improper validation of namespace input data, and the flaw is trivial to exploit. Volexity has observed at least one threat actor attempting to exploit […]