Platform
Managed Security Services
Managed Penetration Testing
Rewterz penetration testing services help organizations determine if a cyber attacker can gain access to their critical assets while giving them detailed insights of the overall business impact of a cyber attack.
Resources
March 25, 2023Severity Medium Analysis Summary GandCrab – a ransomware-as-a-service variant – was discovered in early 2018. At least five versions of GandCrab have been created since its […]March 25, 2023Severity Medium Analysis Summary NjRat is a Remote Access Trojan, which is found leveraging Pastebin to deliver a second-stage payload after initial infection. There are multiple […]March 24, 2023Severity Medium Analysis Summary CVE-2023-20113 Cisco SD-WAN vManage Software is vulnerable to cross-site request forgery, caused by improper validation of user-supplied input. By persuading an authenticated […]Threat Insights
Before Rewterz got its start, the market was in dire need of a specialized and dedicated information security company. It was nearly impossible for businesses to find a trustworthy provider that could truly cover all of their bases. We wanted to meet this need, giving companies across the globe a chance to get ahead while knowing that their data is in good hands.
Connect with Us
Platform
Managed Security Services
Managed Penetration Testing
Rewterz penetration testing services help organizations determine if a cyber attacker can gain access to their critical assets while giving them detailed insights of the overall business impact of a cyber attack.
Resources
March 25, 2023Severity Medium Analysis Summary GandCrab – a ransomware-as-a-service variant – was discovered in early 2018. At least five versions of GandCrab have been created since its […]March 25, 2023Severity Medium Analysis Summary NjRat is a Remote Access Trojan, which is found leveraging Pastebin to deliver a second-stage payload after initial infection. There are multiple […]March 24, 2023Severity Medium Analysis Summary CVE-2023-20113 Cisco SD-WAN vManage Software is vulnerable to cross-site request forgery, caused by improper validation of user-supplied input. By persuading an authenticated […]Threat Insights
Before Rewterz got its start, the market was in dire need of a specialized and dedicated information security company. It was nearly impossible for businesses to find a trustworthy provider that could truly cover all of their bases. We wanted to meet this need, giving companies across the globe a chance to get ahead while knowing that their data is in good hands.
Connect with Us
Disturbing Secrets Of The Deep And Dark Web
August 22, 2018
Rewterz Threat Advisory – Red Hat Update for postgresql
August 24, 2018
A remote code execution vulnerability exists in various versions of Apache Struts which may take over the control of a system in case a successful attack.
IMPACT: HIGH
PUBLISH DATE: 23-08-2018
OVERVIEW
An independent security research group Semmle has released a finding confirmed by the Apache Foundation that a critical remote code execution flaw exists in the popular Struts 2 open source framework. This vulnerability is located in the core of Apache Struts 2 and impacts all supported versions of Struts 2.
The vulnerability originates from the insufficient validation of user-provided untrusted inputs in the core of the Struts framework under certain configurations. The exploit can be triggered just by visiting a specially crafted URL on the affected web server. It enables the attackers to execute malicious code and eventually take complete control over the targeted server on which the vulnerable application is running.
ANALYSIS
The vulnerability involves the injection of a payload as unvalidated input into a Struts application which is then evaluated and used to cause a remote code execution.
The exploit uses an obscure expression language called OGNL, used by only a few Java based frameworks such as Struts and Spring Web Flow. The OGNL expression payload results in a remote code execution that affects Struts versions 2.3 to 2.3.34 and 2.5 to 2.5.16.
The vulnerability exists because the affected software insufficiently validates user-supplied input, allowing the use of results with no namespace value and the use of URL tags with no value or action. In cases where upper actions or configurations also have no namespace or a wildcard namespace, an attacker could exploit this vulnerability by sending a request that submits malicious input to the affected application for processing.
Successful exploitation leads to execution of an arbitrary code in the security context of the targeted system or the affected application.
AFFECTED PRODUCTS
Apache Struts versions:
- 2.3 to 2.3.34 • 2.5 to 2.5.16
VULNERABILITY INDICATORS
All applications that use Apache Struts supported versions (Struts 2.3 to Struts 2.3.34, and Struts 2.5 to Struts 2.5.16) are potentially vulnerable to this flaw, even without enabling any additional plugins.
The following conditions indicate that Apache Struts is vulnerable to the Remote Code Execution flaw:
- The “alwaysSelectFullNamespace” flag is set to true in the Struts configuration.
- Struts configuration file contains an “action” or “URL” tag that does not specify the optional namespace attribute or specifies a wildcard namespace.
MITIGATION
Apache Struts has fixed the vulnerability with the release of Struts versions 2.3.35 and 2.5.17. Both of these versions contain the security fixes only, and no backward incompatibility issues are expected. All clients using vulnerable versions of the Apache Struts are advised to upgrade to the patched versions as soon as possible.