Remote code execution vulnerabilities are serious security flaws that allow remote hackers to run arbitrary code on vulnerable servers, turning the server into a platform for launching Distributed Denial of Service (DDoS) attacks, stealing sensitive data, or taking over the server outright. The most serious remote code execution vulnerability found in the Apache Struts framework to date was patched by the vendor on March 18, 2018. The vulnerability was discovered by TippingPoint researchers and was assigned the CVE identifier CVE-2018-3731. Vulnerable versions of the Apache Struts framework were being actively exploited: cyber criminals used the flaw to deliver cryptocurrency miners, spyware, and other types of malicious applications to vulnerable servers. In short, Apache Struts was being actively exploited to deliver malicious software implants to servers.

Apache Struts Remote Code Execution Vulnerability

The Apache Struts vulnerability was discovered by TippingPoint researchers and was assigned the CVE identifier CVE-2018-3731. It was being actively exploited by hackers to deliver cryptocurrency miners, spyware, and other types of malicious applications to vulnerable servers; in short, Apache Struts was being actively exploited to deliver malicious software implants to vulnerable servers.
Apache Struts is an open source web application framework for developing Java applications that follow the Model-View-Controller (MVC) architecture. It is a very popular enterprise platform used by organizations in many industries, such as aerospace and defense, banking, manufacturing, telecommunications, retail and utilities. The Apache Struts framework is also used in many Java EE web applications running on servers such as WebSphere Application Server (WAS), JBoss Application Server (JBS), GlassFish, TomEE, Geronimo and WildFly.

Remote Code Execution and SQLi

Remote code execution vulnerabilities are serious security flaws that allow remote hackers to run arbitrary code on vulnerable servers, turning the server into a platform for launching Distributed Denial of Service (DDoS) attacks, stealing sensitive data, or taking over the server. Two of the most common types of remote code execution vulnerabilities are SQL injection and cross-site scripting.
Cross-site scripting is commonly used by malicious hackers to steal sensitive user data from vulnerable web applications. These vulnerabilities allow hackers to execute JavaScript in the context of a victim's browser session while it appears to be part of an authorized page on the website. The script can then be used to steal sensitive information such as usernames, passwords, and bank account details.
An example of a SQL injection vulnerability is user-supplied input being placed into a database query that decides which content the application hides or displays; a crafted parameter can then expose personal information such as usernames and passwords, or reveal sensitive, confidential or private data from non-public areas of the application.
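As an added illustration (not code from the article or from Apache Struts), the pattern described above in Python with sqlite3 and a constructed users table: the query built by string concatenation lets a crafted name parameter widen the result set to rows that should stay hidden, while the same query with a bound parameter treats the input purely as data. A crude input heuristic is included as the kind of anomaly check a filter might apply; it is not a substitute for parameterization.

```python
import sqlite3

# Constructed sample data standing in for the application's real database
# (assumption for this example, not from the original article).
SAMPLE_ROWS = [
    (1, "alice", "pw-hash-1", 0),   # public profile
    (2, "bob",   "pw-hash-2", 1),   # hidden profile
    (3, "carol", "pw-hash-3", 1),   # hidden profile
]


def make_db():
    """Create an in-memory database holding the constructed sample rows."""
    conn = sqlite3.connect(":memory:")
    conn.execute(
        "CREATE TABLE users (id INTEGER, name TEXT, pw_hash TEXT, hidden INTEGER)"
    )
    conn.executemany("INSERT INTO users VALUES (?, ?, ?, ?)", SAMPLE_ROWS)
    return conn


def lookup_vulnerable(conn, name):
    """Query built by concatenation: the caller's input becomes part of the
    SQL text, so it can change the WHERE clause and which rows are returned."""
    sql = ("SELECT name, pw_hash FROM users "
           "WHERE hidden = 0 AND name = '" + name + "'")
    return conn.execute(sql).fetchall()


def lookup_parameterized(conn, name):
    """Same query with a bound parameter: the input is only ever a value,
    never SQL syntax, so the hidden = 0 restriction cannot be bypassed."""
    sql = "SELECT name, pw_hash FROM users WHERE hidden = 0 AND name = ?"
    return conn.execute(sql, (name,)).fetchall()


def looks_like_injection(name):
    """Crude heuristic: a quote or SQL comment marker inside a username
    field is an anomaly worth logging, but filtering alone is not a fix."""
    return any(token in name for token in ("'", "--", "/*"))
```

Running the lookups with a crafted name such as `x' OR '1'='1` returns every row from the concatenated query and nothing from the parameterized one.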

Apache Struts Remote Code Execution Vulnerability - technical overview

The Apache Struts flaw could be exploited by a remote attacker to execute arbitrary code on vulnerable servers, and from there to steal sensitive data or to launch DDoS attacks. The vendor patched the Apache Struts flaw on March 18, 2018.

Timeline

Published on: 02/09/2022 17:15:00 UTC
Last modified on: 05/23/2022 17:29:00 UTC
