November 20, 2023
Severity Medium Analysis Summary Agent Tesla is a very popular spyware Trojan built for the.NET framework. Since its initial appearance in 2014, this has been deployed […]
Rewterz Threat Alert – Magecart Group 5 and Carbanak Stealing Credentials
October 25, 2019Rewterz Threat Alert – Citadel Banking Malware – IoCs
October 25, 2019Rewterz Threat Alert – Magecart Group 5 and Carbanak Stealing Credentials
October 25, 2019Rewterz Threat Alert – Citadel Banking Malware – IoCs
October 25, 2019
Severity
Medium
Analysis Summary
The Jakarta Multipart parser in Apache Struts 2 2.3.x before 2.3.32 and 2.5.x before 2.5.10.1 has incorrect exception handling and error-message generation during file-upload attempts, which allows remote attackers to execute arbitrary commands via a crafted Content-Type, Content-Disposition, or Content-Length HTTP header, as exploited in the wild in March 2017 with a Content-Type header containing a #cmd= string. Currently, a Host from Hong Kong is found trying multiple Apache Struts exploits against web servers.
Impact
Remote Code Execution
Affected Vendors
Apache
Affected Products
- Apache Struts 2 2.3.x before 2.3.32
- 2.5.x before 2.5.10.1
Remediation
- Block the threat indicator at its respective control.
- Immediately upgrade to a secure version if vulnerable versions of Apache Struts are currently running in the environment.