Apache Struts Vulnerabilities Compromise Corporate Web Servers
Summary
Critical security vulnerabilities in the Apache Struts framework have enabled attackers to
compromise corporate Web servers, putting sensitive corporate data at risk.
Technical Details
These vulnerabilities allow remote code execution (RCE): an attacker sends a specially
crafted request to a vulnerable server and, once code is running, drops malware or other
unauthorized code such as a webshell. From there the actor can locate credentials,
connect to the database server, and extract or delete corporate data. Companies
and non-profit organizations under attack may not immediately notice the
compromise.
Apache Struts is a widely used, open-source (no-cost) framework for building Java
web applications. It is used across the financial services sector and other critical
infrastructure, so these vulnerabilities affect numerous industries, including
financial firms and the third-party vendors on which they rely. Vulnerable Struts
code can exist in Web applications hosted on traditional servers and can also be
embedded in hardware devices, such as multifunction printers, that expose a Web
interface for configuration and management.
Related vulnerabilities include:
• CVE-2017-5209: Allows remote attackers to manipulate Struts internals, alter
user sessions or affect container settings. Versions prior to Apache Struts
2.3.24.1 are vulnerable.
• CVE-2017-5638: Incorrect exception handling in the Jakarta Multipart parser
during file upload allows a remote attacker to execute arbitrary commands by
placing an OGNL expression in the Content-Type header of the request. Versions
prior to Apache Struts 2.3.32 and 2.5.10.1 are vulnerable.
• CVE-2017-7672: A specially crafted URL submitted to the URLValidator overloads
the server process (denial of service). The solution is to upgrade to Apache
Struts version 2.5.12.
• CVE-2017-9787: Makes it possible to perform a denial of service attack. The
solution is to upgrade to Apache Struts version 2.5.12 or 2.3.33.
• CVE-2017-9791: Allows remote code execution in Struts 2.3.x applications that
use the Struts 1 plugin.
• CVE-2017-9793: Allows an unauthenticated, remote attacker to cause a denial
of service via the REST plugin.
• CVE-2017-9804: Allows an unauthenticated, remote attacker to cause a denial
of service via the URLValidator.
• CVE-2017-9805: Allows an unauthenticated, remote attacker to execute arbitrary
code by sending crafted XML to the REST plugin, which deserializes it with
XStream without restriction. Fixed in Apache Struts 2.3.34 and 2.5.13.
Note that the REST plugin and the Struts 1 plugin are optional components: an
application that does not bundle them is not exposed to the plugin-specific
issues above, but the file-upload flaw (CVE-2017-5638) is in the core framework
and affects every application that accepts multipart requests.
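The two RCE entries above are the ones most worth hunting for in request logs: CVE-2017-5638 is triggered by an OGNL expression in the Content-Type header of a multipart upload, and CVE-2017-9805 by a crafted XML document posted to a Struts REST endpoint. The script below is an added example (not part of the advisory and not US-CERT tooling) that flags both patterns in a simplified request log; the record format, the sample records, and the list of class names treated as suspicious in XML bodies are assumptions.

```python
"""Flag requests carrying the two Struts RCE patterns named in the advisory.

Added example, not from the advisory. The record format is a constructed
simplification: '<src> <METHOD> <path> | Header: value | ... || <body>'.
Real deployments would read a WAF or reverse-proxy audit log instead.
"""
from __future__ import annotations

import re
from dataclasses import dataclass, field

# OGNL expression markers used by the CVE-2017-5638 header injection: a
# '%{...}' or '${...}' expression in a header value is never legitimate
# input for a multipart upload.
OGNL_MARKERS = re.compile(
    r"%\{|\$\{|#_memberAccess|@ognl\.OgnlContext|#context\[",
    re.IGNORECASE,
)

# Class names a crafted XStream payload (CVE-2017-9805) has to name to spawn
# a process. Assumption: no legitimate REST client of this application ever
# serializes these types.
GADGET_CLASSES = re.compile(
    r"java\.lang\.ProcessBuilder|java\.lang\.Runtime|jdk\.nashorn|javax\.imageio",
    re.IGNORECASE,
)


@dataclass
class Request:
    src: str
    method: str
    path: str
    headers: dict[str, str] = field(default_factory=dict)
    body: str = ""


def parse_record(line: str) -> Request:
    """Parse one constructed log record into a Request."""
    head, _, body = line.partition("||")
    parts = [p.strip() for p in head.split("|")]
    src, method, path = parts[0].split()
    headers: dict[str, str] = {}
    for raw in parts[1:]:
        name, _, value = raw.partition(":")
        headers[name.strip().lower()] = value.strip()
    return Request(src, method, path, headers, body.strip())


def findings(req: Request) -> list[str]:
    """Return the indicator names that match this request (empty if clean)."""
    hits: list[str] = []
    # Match on the header *value*, not the whole line: multipart boundaries
    # and JSON bodies legitimately contain braces, header values do not.
    for name, value in req.headers.items():
        if OGNL_MARKERS.search(value):
            hits.append(f"ognl-in-header:{name}")
    content_type = req.headers.get("content-type", "")
    if "xml" in content_type and GADGET_CLASSES.search(req.body):
        hits.append("gadget-class-in-xml-body")
    return hits


def scan(lines: list[str]) -> list[tuple[str, str, str, list[str]]]:
    """Scan log records and return (src, method, path, indicators) per hit."""
    results = []
    for line in lines:
        if not line.strip():
            continue
        req = parse_record(line)
        hits = findings(req)
        if hits:
            results.append((req.src, req.method, req.path, hits))
    return results


# Constructed sample records: two attack attempts, two benign requests.
SAMPLE_LOG = """\
198.51.100.7 POST /struts2-showcase/fileupload/doUpload.action | Content-Type: %{(#_='multipart/form-data').(#cmd='id')} | User-Agent: curl/7.55.1
192.0.2.10 POST /struts2-showcase/fileupload/doUpload.action | Content-Type: multipart/form-data; boundary=----WebKitFormBoundary7MA4 | User-Agent: Mozilla/5.0 || ------WebKitFormBoundary7MA4
203.0.113.9 POST /struts2-rest-showcase/orders/3 | Content-Type: application/xml | User-Agent: python-requests/2.18.4 || <map><entry><jdk.nashorn.internal.objects.NativeString><flags>0</flags></jdk.nashorn.internal.objects.NativeString></entry></map>
192.0.2.11 GET /struts2-rest-showcase/orders/3 | Accept: application/json | User-Agent: Mozilla/5.0
"""

if __name__ == "__main__":
    for src, method, path, hits in scan(SAMPLE_LOG.splitlines()):
        print(f"{src} {method} {path}: {', '.join(hits)}")
```

Default Apache and nginx access logs do not record request headers such as Content-Type, nor request bodies, so to run a check like this against real traffic the reverse proxy has to log them (for example the ModSecurity audit log, or nginx's `$content_type` variable in a custom `log_format`). Checking every header rather than only Content-Type is deliberate: the same OGNL-in-header technique was also reported for other multipart headers, and a header allowlist is cheaper than chasing each variant.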
Prevention and Mitigation
Web application vulnerabilities and configuration weaknesses are regularly exploited.
Identifying and closing these vulnerabilities is therefore crucial to avoiding
compromise. Patches for the Apache Struts vulnerabilities above have been released
and are publicly available. Continue to monitor for new vulnerabilities and patches as
they emerge, and review any reliance on easily discoverable Internet-connected devices
for critical operations, particularly devices that share infrastructure with
public-facing Web servers.
The following suggestions specify security and Web server specific practices:
• Employ regular updates to applications and the host operating system to
ensure protection against known vulnerabilities.
• Implement a least-privilege policy on the Web server to:
    • Reduce adversaries’ ability to escalate privileges or pivot laterally to other
    hosts.
    • Control creation and execution of files in particular directories.
• If not already present, consider deploying a demilitarized zone (DMZ) between
your Web-facing systems and the corporate network. Limiting the interaction
between the two, and logging the traffic that remains, provides a way to identify
possible malicious activity.
• Ensure Web servers are securely configured throughout the compliance
management process: block unnecessary services and ports, restrict necessary
ones where feasible, and do not use default login credentials.
• Use a reverse proxy or an equivalent control, such as ModSecurity, to restrict
accessible URL paths to known legitimate ones.
• Establish, and back up offline, a “known good” version of the relevant server,
together with a regular change-management policy, so that a file integrity
system can monitor servable content for changes.
• Employ user input validation to prevent local and remote file inclusion
vulnerabilities.
• Conduct regular system and application vulnerability scans to establish areas
of risk. While this does not protect against zero-day attacks, it will
highlight possible areas of concern.
• Deploy a Web application firewall and conduct regular virus signature checks,
application fuzzing, code reviews and server network analysis.
Detection
The following may be indicators that your Web server has been infected by malware.
Note that a number of these indicators are also common to legitimate files. Any
suspected malicious file should be considered in the context of the other indicators
and triaged to determine whether further inspection or validation is required.
• Abnormal periods of high site usage (due to potential uploading and
downloading activity);
• Files with an unusual timestamp (e.g., more recent than the last update of the
Web applications installed);
• Suspicious files in Internet-accessible locations such as the web root;
• Files containing references to suspicious keywords such as cmd.exe or eval;
• Unexpected connections in logs:
    • A file type generating unexpected or anomalous network traffic (e.g., a JPG
    file making requests with POST parameters);
    • Suspicious logins originating from internal subnets to DMZ servers and vice
    versa;
• Any evidence of suspicious shell commands, such as directory traversal, executed
by the Web server process.
During known incidents involving one of the above Apache Struts vulnerabilities, the
actors deployed the following webshells. (The MD5 hash values below were provided by
US-CERT for network defense.) Treat a hash match as a high-confidence indicator, but
do not treat a miss as a clean result: a trivially edited webshell yields a different
hash, so pair this list with the behavioural indicators above.
• MD5 = 75a504a0679d909baf4ad56356a7a6ad
• MD5 = 026ab37483b9fe4525be794c9c37fdc8
• MD5 = af99906f8dc68e51236b20150b85d674
• MD5 = ab364a37dc45d7fa5a09ec0ddea1415f
• MD5 = f068a5d7087a5ebe3a33bb57d4ccf2b9
• MD5 = cc5678b14ce6961522ca1813906b0098
• MD5 = cefe091c4ad39ff06d5275c6201989d1
• MD5 = bde8793c0712c08c468de000cb24fa8c
• MD5 = ef3981b9cffd41265ff2c65ef010f358
• MD5 = 1a02e6179cfc8118c1864890ea0e5e77
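The file-based indicators above and the “known good” baseline recommended under Prevention and Mitigation fit naturally into one host-side check. The script below is an added example, not part of the advisory or of US-CERT tooling: it records a SHA-256 baseline of the web root at deployment time, then reports files that are new, modified or deleted relative to that baseline, files whose modification time postdates the deployment, files containing the suspicious keywords named above, and files whose MD5 matches one of the ten webshell hashes. The sample web root it builds in a temporary directory, the deployment timestamp, and the Java-specific keywords beyond cmd.exe and eval are assumptions.

```python
"""Baseline-and-diff scan of a web root against the advisory's indicators.

Added example, not from the advisory. The web root scanned in demo() is
constructed in a temporary directory; the keyword list beyond 'cmd.exe' and
'eval' is an assumption for Struts/JSP deployments.
"""
from __future__ import annotations

import hashlib
import os
import re
import tempfile
from pathlib import Path

# Webshell MD5 hashes published by US-CERT (listed in the advisory).
WEBSHELL_MD5 = {
    "75a504a0679d909baf4ad56356a7a6ad",
    "026ab37483b9fe4525be794c9c37fdc8",
    "af99906f8dc68e51236b20150b85d674",
    "ab364a37dc45d7fa5a09ec0ddea1415f",
    "f068a5d7087a5ebe3a33bb57d4ccf2b9",
    "cc5678b14ce6961522ca1813906b0098",
    "cefe091c4ad39ff06d5275c6201989d1",
    "bde8793c0712c08c468de000cb24fa8c",
    "ef3981b9cffd41265ff2c65ef010f358",
    "1a02e6179cfc8118c1864890ea0e5e77",
}

# 'cmd.exe' and 'eval' come from the advisory; the Java process-execution
# names are an assumption for JSP webshells.
SUSPICIOUS = re.compile(
    rb"cmd\.exe|\beval\s*\(|Runtime\.getRuntime\(\)|ProcessBuilder|/bin/sh",
    re.IGNORECASE,
)


def file_hashes(path: Path) -> tuple[str, str]:
    """Return (md5, sha256) of a file, streamed so large jars are fine."""
    md5, sha256 = hashlib.md5(), hashlib.sha256()
    with path.open("rb") as fh:
        for chunk in iter(lambda: fh.read(1 << 16), b""):
            md5.update(chunk)
            sha256.update(chunk)
    return md5.hexdigest(), sha256.hexdigest()


def build_baseline(root: Path) -> dict[str, str]:
    """Map relative path -> sha256 for every file; keep a copy offline."""
    return {
        p.relative_to(root).as_posix(): file_hashes(p)[1]
        for p in sorted(root.rglob("*"))
        if p.is_file()
    }


def scan(root: Path, baseline: dict[str, str], deployed_at: float) -> list[tuple[str, list[str]]]:
    """Compare the web root with the baseline and the advisory's indicators.

    Returns (relative path, [reasons]); an empty list means nothing to triage.
    """
    findings: list[tuple[str, list[str]]] = []
    seen: set[str] = set()
    for p in sorted(root.rglob("*")):
        if not p.is_file():
            continue
        rel = p.relative_to(root).as_posix()
        seen.add(rel)
        md5, sha256 = file_hashes(p)
        reasons: list[str] = []
        if rel not in baseline:
            reasons.append("not-in-baseline")
        elif baseline[rel] != sha256:
            reasons.append("modified")
        # mtime alone is a weak signal (easily timestomped); the baseline
        # comparison above catches what a forged timestamp hides.
        if p.stat().st_mtime > deployed_at:
            reasons.append("mtime-after-deploy")
        if md5 in WEBSHELL_MD5:
            reasons.append("known-webshell-md5")
        if SUSPICIOUS.search(p.read_bytes()):
            reasons.append("suspicious-keyword")
        if reasons:
            findings.append((rel, reasons))
    for rel in sorted(set(baseline) - seen):
        findings.append((rel, ["deleted"]))
    return findings


def demo() -> list[tuple[str, list[str]]]:
    """Constructed scenario: baseline a small web root, then plant a JSP under
    an upload directory and tamper with index.jsp (timestamp reset, so only
    the hash comparison catches it)."""
    deployed_at = 1_500_000_000.0  # assumed deployment time (2017-07-14)
    with tempfile.TemporaryDirectory() as tmp:
        root = Path(tmp)
        (root / "WEB-INF").mkdir()
        (root / "index.jsp").write_bytes(b"<html><body>Welcome</body></html>\n")
        (root / "WEB-INF" / "struts.xml").write_bytes(
            b"<struts><constant name='struts.devMode' value='false'/></struts>\n")
        for p in root.rglob("*"):
            if p.is_file():
                os.utime(p, (deployed_at - 60, deployed_at - 60))
        baseline = build_baseline(root)

        # Post-compromise changes (constructed; the planted JSP only echoes a
        # string, so it is inert, but it carries the 'cmd.exe' keyword).
        (root / "upload").mkdir()
        planted = root / "upload" / "helper.jsp"
        planted.write_bytes(b'<% out.print("cmd.exe /c " + request.getParameter("c")); %>\n')
        os.utime(planted, (deployed_at + 3600, deployed_at + 3600))
        (root / "index.jsp").write_bytes(b"<html><body>Welcome<!-- x --></body></html>\n")
        os.utime(root / "index.jsp", (deployed_at - 60, deployed_at - 60))  # timestomped
        return scan(root, baseline, deployed_at)


if __name__ == "__main__":
    for rel, reasons in demo():
        print(f"{rel}: {', '.join(reasons)}")
```

Run build_baseline() as the last step of each deployment and store the result somewhere the web server account cannot write (serialize it with json.dumps), then schedule scan() and feed its output into triage. Keyword hits are noisy on their own (eval appears in plenty of legitimate JavaScript), which is why the advisory asks for each indicator to be weighed against the others; a file that is both absent from the baseline and keyword-positive, as in the demo, is the combination worth pulling for inspection first.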
Reporting
Compliance officials and patch managers are encouraged to add the necessary
updates to the patch queue as soon as possible, given the continued and legacy use
of Apache Struts in corporate environments.

More Related Content

What's hot

Security Operations
Security OperationsSecurity Operations
Security Operationsankitmehta21
 
Anatomy of an Attack - Sophos Day Belux 2014
Anatomy of an Attack - Sophos Day Belux 2014Anatomy of an Attack - Sophos Day Belux 2014
Anatomy of an Attack - Sophos Day Belux 2014
Sophos Benelux
 
Designing A Platform Agnostic HA System
Designing A Platform Agnostic HA SystemDesigning A Platform Agnostic HA System
Designing A Platform Agnostic HA System
Runcy Oommen
 
Realities of Security in the Cloud
Realities of Security in the CloudRealities of Security in the Cloud
Realities of Security in the Cloud
Alert Logic
 
Realities of Security in the Cloud - CSS ATX 2017
Realities of Security in the Cloud - CSS ATX 2017Realities of Security in the Cloud - CSS ATX 2017
Realities of Security in the Cloud - CSS ATX 2017
Alert Logic
 
How to Detect SQL Injections & XSS Attacks with AlienVault USM
How to Detect SQL Injections & XSS Attacks with AlienVault USM How to Detect SQL Injections & XSS Attacks with AlienVault USM
How to Detect SQL Injections & XSS Attacks with AlienVault USM
AlienVault
 
Virtual Web Application Firewall (vAWF) Data Sheet - Array Networks
Virtual Web Application Firewall (vAWF) Data Sheet - Array NetworksVirtual Web Application Firewall (vAWF) Data Sheet - Array Networks
Virtual Web Application Firewall (vAWF) Data Sheet - Array Networks
Array Networks
 
Alien vault _policymanagement
Alien vault _policymanagementAlien vault _policymanagement
Alien vault _policymanagement
Marjo'isme Yoyok
 
Risk assesment servers
Risk assesment serversRisk assesment servers
Risk assesment serversGeorgi Peshev
 
Protecting Against Web Attacks
Protecting Against Web AttacksProtecting Against Web Attacks
Protecting Against Web Attacks
Alert Logic
 
Vapt( vulnerabilty and penetration testing ) services
Vapt( vulnerabilty and penetration testing ) servicesVapt( vulnerabilty and penetration testing ) services
Vapt( vulnerabilty and penetration testing ) services
Akshay Kurhade
 
0828 Windows Server 2008 新安全功能探討
0828 Windows Server 2008 新安全功能探討0828 Windows Server 2008 新安全功能探討
0828 Windows Server 2008 新安全功能探討Timothy Chen
 
CSS 17: NYC - Stories from the SOC
CSS 17: NYC - Stories from the SOCCSS 17: NYC - Stories from the SOC
CSS 17: NYC - Stories from the SOC
Alert Logic
 
How to Simplify Audit Compliance with Unified Security Management
How to Simplify Audit Compliance with Unified Security ManagementHow to Simplify Audit Compliance with Unified Security Management
How to Simplify Audit Compliance with Unified Security Management
AlienVault
 
Otx introduction sw
Otx introduction swOtx introduction sw
Otx introduction sw
AlienVault
 
OWASP Top Ten in Practice
OWASP Top Ten in PracticeOWASP Top Ten in Practice
OWASP Top Ten in Practice
Security Innovation
 
Configuring Data Sources in AlienVault
Configuring Data Sources in AlienVaultConfiguring Data Sources in AlienVault
Configuring Data Sources in AlienVault
AlienVault
 
technical overview - endpoint protection 10.3.3
technical overview - endpoint protection 10.3.3technical overview - endpoint protection 10.3.3
technical overview - endpoint protection 10.3.3
Muhammad Denis Iqbal
 
Web application firewall
Web application firewallWeb application firewall
Web application firewall
Aju Thomas
 
WAF FOR PCI-DSS COMPLIANCE
WAF FOR PCI-DSS COMPLIANCEWAF FOR PCI-DSS COMPLIANCE
WAF FOR PCI-DSS COMPLIANCE
Array Networks
 

What's hot (20)

Security Operations
Security OperationsSecurity Operations
Security Operations
 
Anatomy of an Attack - Sophos Day Belux 2014
Anatomy of an Attack - Sophos Day Belux 2014Anatomy of an Attack - Sophos Day Belux 2014
Anatomy of an Attack - Sophos Day Belux 2014
 
Designing A Platform Agnostic HA System
Designing A Platform Agnostic HA SystemDesigning A Platform Agnostic HA System
Designing A Platform Agnostic HA System
 
Realities of Security in the Cloud
Realities of Security in the CloudRealities of Security in the Cloud
Realities of Security in the Cloud
 
Realities of Security in the Cloud - CSS ATX 2017
Realities of Security in the Cloud - CSS ATX 2017Realities of Security in the Cloud - CSS ATX 2017
Realities of Security in the Cloud - CSS ATX 2017
 
How to Detect SQL Injections & XSS Attacks with AlienVault USM
How to Detect SQL Injections & XSS Attacks with AlienVault USM How to Detect SQL Injections & XSS Attacks with AlienVault USM
How to Detect SQL Injections & XSS Attacks with AlienVault USM
 
Virtual Web Application Firewall (vAWF) Data Sheet - Array Networks
Virtual Web Application Firewall (vAWF) Data Sheet - Array NetworksVirtual Web Application Firewall (vAWF) Data Sheet - Array Networks
Virtual Web Application Firewall (vAWF) Data Sheet - Array Networks
 
Alien vault _policymanagement
Alien vault _policymanagementAlien vault _policymanagement
Alien vault _policymanagement
 
Risk assesment servers
Risk assesment serversRisk assesment servers
Risk assesment servers
 
Protecting Against Web Attacks
Protecting Against Web AttacksProtecting Against Web Attacks
Protecting Against Web Attacks
 
Vapt( vulnerabilty and penetration testing ) services
Vapt( vulnerabilty and penetration testing ) servicesVapt( vulnerabilty and penetration testing ) services
Vapt( vulnerabilty and penetration testing ) services
 
0828 Windows Server 2008 新安全功能探討
0828 Windows Server 2008 新安全功能探討0828 Windows Server 2008 新安全功能探討
0828 Windows Server 2008 新安全功能探討
 
CSS 17: NYC - Stories from the SOC
CSS 17: NYC - Stories from the SOCCSS 17: NYC - Stories from the SOC
CSS 17: NYC - Stories from the SOC
 
How to Simplify Audit Compliance with Unified Security Management
How to Simplify Audit Compliance with Unified Security ManagementHow to Simplify Audit Compliance with Unified Security Management
How to Simplify Audit Compliance with Unified Security Management
 
Otx introduction sw
Otx introduction swOtx introduction sw
Otx introduction sw
 
OWASP Top Ten in Practice
OWASP Top Ten in PracticeOWASP Top Ten in Practice
OWASP Top Ten in Practice
 
Configuring Data Sources in AlienVault
Configuring Data Sources in AlienVaultConfiguring Data Sources in AlienVault
Configuring Data Sources in AlienVault
 
technical overview - endpoint protection 10.3.3
technical overview - endpoint protection 10.3.3technical overview - endpoint protection 10.3.3
technical overview - endpoint protection 10.3.3
 
Web application firewall
Web application firewallWeb application firewall
Web application firewall
 
WAF FOR PCI-DSS COMPLIANCE
WAF FOR PCI-DSS COMPLIANCEWAF FOR PCI-DSS COMPLIANCE
WAF FOR PCI-DSS COMPLIANCE
 

Similar to Apache struts vulnerabilities compromise corporate web servers 

Using Analyzers to Resolve Security Problems
Using Analyzers to Resolve Security ProblemsUsing Analyzers to Resolve Security Problems
Using Analyzers to Resolve Security Problems
kiansahafi
 
Secure code practices
Secure code practicesSecure code practices
Secure code practices
Hina Rawal
 
VAPT_FINAL SLIDES.pptx
VAPT_FINAL SLIDES.pptxVAPT_FINAL SLIDES.pptx
VAPT_FINAL SLIDES.pptx
karthikvcyber
 
Web sever environmentA Web server is a program that uses HTTP (Hy.pdf
Web sever environmentA Web server is a program that uses HTTP (Hy.pdfWeb sever environmentA Web server is a program that uses HTTP (Hy.pdf
Web sever environmentA Web server is a program that uses HTTP (Hy.pdf
aquacareser
 
Owasp top 10 2017
Owasp top 10 2017Owasp top 10 2017
Owasp top 10 2017
ibrahimumer2
 
VAPT PRESENTATION full.pptx
VAPT PRESENTATION full.pptxVAPT PRESENTATION full.pptx
VAPT PRESENTATION full.pptx
DARSHANBHAVSAR14
 
Web application vulnerability assessment
Web application vulnerability assessmentWeb application vulnerability assessment
Web application vulnerability assessment
Ravikumar Paghdal
 
Types of Vulnerability Scanning An in depth investigation.pdf
Types of Vulnerability Scanning An in depth investigation.pdfTypes of Vulnerability Scanning An in depth investigation.pdf
Types of Vulnerability Scanning An in depth investigation.pdf
Cyber security professional services- Detox techno
 
owasp top 10 security risk categories and CWE
owasp top 10 security risk categories and CWEowasp top 10 security risk categories and CWE
owasp top 10 security risk categories and CWE
Arun Voleti
 
Owasp methodologies of Security testing part1
Owasp methodologies of Security testing part1Owasp methodologies of Security testing part1
Owasp methodologies of Security testing part1
robin_bene
 
Webappcontrol for Information Technology
Webappcontrol for Information TechnologyWebappcontrol for Information Technology
Webappcontrol for Information Technology
tiwariparivaar24
 
Solvay secure application layer v2015 seba
Solvay secure application layer v2015   sebaSolvay secure application layer v2015   seba
Solvay secure application layer v2015 seba
Sebastien Deleersnyder
 
Avoiding Application Attacks: A Guide to Preventing the OWASP Top 10 from Hap...
Avoiding Application Attacks: A Guide to Preventing the OWASP Top 10 from Hap...Avoiding Application Attacks: A Guide to Preventing the OWASP Top 10 from Hap...
Avoiding Application Attacks: A Guide to Preventing the OWASP Top 10 from Hap...
IBM Security
 
Cyber ppt
Cyber pptCyber ppt
Cyber ppt
karthik menon
 
Web Access Firewall
Web Access FirewallWeb Access Firewall
Technical track kevin cardwell-10-00 am-solid-defense
Technical track   kevin cardwell-10-00 am-solid-defenseTechnical track   kevin cardwell-10-00 am-solid-defense
Technical track kevin cardwell-10-00 am-solid-defense
ISSA LA
 
Secure coding guidelines
Secure coding guidelinesSecure coding guidelines
Secure coding guidelines
Zakaria SMAHI
 
An Introduction of SQL Injection, Buffer Overflow & Wireless Attack
An Introduction of SQL Injection, Buffer Overflow & Wireless AttackAn Introduction of SQL Injection, Buffer Overflow & Wireless Attack
An Introduction of SQL Injection, Buffer Overflow & Wireless Attack
TechSecIT
 
Overview of Vulnerability Scanning.pptx
Overview of Vulnerability Scanning.pptxOverview of Vulnerability Scanning.pptx
Overview of Vulnerability Scanning.pptx
AjayKumar73315
 
Web and Mobile Application Security
Web and Mobile Application SecurityWeb and Mobile Application Security
Web and Mobile Application Security
Prateek Jain
 

Similar to Apache struts vulnerabilities compromise corporate web servers  (20)

Using Analyzers to Resolve Security Problems
Using Analyzers to Resolve Security ProblemsUsing Analyzers to Resolve Security Problems
Using Analyzers to Resolve Security Problems
 
Secure code practices
Secure code practicesSecure code practices
Secure code practices
 
VAPT_FINAL SLIDES.pptx
VAPT_FINAL SLIDES.pptxVAPT_FINAL SLIDES.pptx
VAPT_FINAL SLIDES.pptx
 
Web sever environmentA Web server is a program that uses HTTP (Hy.pdf
Web sever environmentA Web server is a program that uses HTTP (Hy.pdfWeb sever environmentA Web server is a program that uses HTTP (Hy.pdf
Web sever environmentA Web server is a program that uses HTTP (Hy.pdf
 
Owasp top 10 2017
Owasp top 10 2017Owasp top 10 2017
Owasp top 10 2017
 
VAPT PRESENTATION full.pptx
VAPT PRESENTATION full.pptxVAPT PRESENTATION full.pptx
VAPT PRESENTATION full.pptx
 
Web application vulnerability assessment
Web application vulnerability assessmentWeb application vulnerability assessment
Web application vulnerability assessment
 
Types of Vulnerability Scanning An in depth investigation.pdf
Types of Vulnerability Scanning An in depth investigation.pdfTypes of Vulnerability Scanning An in depth investigation.pdf
Types of Vulnerability Scanning An in depth investigation.pdf
 
owasp top 10 security risk categories and CWE
owasp top 10 security risk categories and CWEowasp top 10 security risk categories and CWE
owasp top 10 security risk categories and CWE
 
Owasp methodologies of Security testing part1
Owasp methodologies of Security testing part1Owasp methodologies of Security testing part1
Owasp methodologies of Security testing part1
 
Webappcontrol for Information Technology
Webappcontrol for Information TechnologyWebappcontrol for Information Technology
Webappcontrol for Information Technology
 
Solvay secure application layer v2015 seba
Solvay secure application layer v2015   sebaSolvay secure application layer v2015   seba
Solvay secure application layer v2015 seba
 
Avoiding Application Attacks: A Guide to Preventing the OWASP Top 10 from Hap...
Avoiding Application Attacks: A Guide to Preventing the OWASP Top 10 from Hap...Avoiding Application Attacks: A Guide to Preventing the OWASP Top 10 from Hap...
Avoiding Application Attacks: A Guide to Preventing the OWASP Top 10 from Hap...
 
Cyber ppt
Cyber pptCyber ppt
Cyber ppt
 
Web Access Firewall
Web Access FirewallWeb Access Firewall
Web Access Firewall
 
Technical track kevin cardwell-10-00 am-solid-defense
Technical track   kevin cardwell-10-00 am-solid-defenseTechnical track   kevin cardwell-10-00 am-solid-defense
Technical track kevin cardwell-10-00 am-solid-defense
 
Secure coding guidelines
Secure coding guidelinesSecure coding guidelines
Secure coding guidelines
 
An Introduction of SQL Injection, Buffer Overflow & Wireless Attack
An Introduction of SQL Injection, Buffer Overflow & Wireless AttackAn Introduction of SQL Injection, Buffer Overflow & Wireless Attack
An Introduction of SQL Injection, Buffer Overflow & Wireless Attack
 
Overview of Vulnerability Scanning.pptx
Overview of Vulnerability Scanning.pptxOverview of Vulnerability Scanning.pptx
Overview of Vulnerability Scanning.pptx
 
Web and Mobile Application Security
Web and Mobile Application SecurityWeb and Mobile Application Security
Web and Mobile Application Security
 

Recently uploaded

Search and Society: Reimagining Information Access for Radical Futures
Search and Society: Reimagining Information Access for Radical FuturesSearch and Society: Reimagining Information Access for Radical Futures
Search and Society: Reimagining Information Access for Radical Futures
Bhaskar Mitra
 
Essentials of Automations: Optimizing FME Workflows with Parameters
Essentials of Automations: Optimizing FME Workflows with ParametersEssentials of Automations: Optimizing FME Workflows with Parameters
Essentials of Automations: Optimizing FME Workflows with Parameters
Safe Software
 
LF Energy Webinar: Electrical Grid Modelling and Simulation Through PowSyBl -...
LF Energy Webinar: Electrical Grid Modelling and Simulation Through PowSyBl -...LF Energy Webinar: Electrical Grid Modelling and Simulation Through PowSyBl -...
LF Energy Webinar: Electrical Grid Modelling and Simulation Through PowSyBl -...
DanBrown980551
 
FIDO Alliance Osaka Seminar: Passkeys and the Road Ahead.pdf
FIDO Alliance Osaka Seminar: Passkeys and the Road Ahead.pdfFIDO Alliance Osaka Seminar: Passkeys and the Road Ahead.pdf
FIDO Alliance Osaka Seminar: Passkeys and the Road Ahead.pdf
FIDO Alliance
 
How world-class product teams are winning in the AI era by CEO and Founder, P...
How world-class product teams are winning in the AI era by CEO and Founder, P...How world-class product teams are winning in the AI era by CEO and Founder, P...
How world-class product teams are winning in the AI era by CEO and Founder, P...
Product School
 
Accelerate your Kubernetes clusters with Varnish Caching
Accelerate your Kubernetes clusters with Varnish CachingAccelerate your Kubernetes clusters with Varnish Caching
Accelerate your Kubernetes clusters with Varnish Caching
Thijs Feryn
 
IOS-PENTESTING-BEGINNERS-PRACTICAL-GUIDE-.pptx
IOS-PENTESTING-BEGINNERS-PRACTICAL-GUIDE-.pptxIOS-PENTESTING-BEGINNERS-PRACTICAL-GUIDE-.pptx
IOS-PENTESTING-BEGINNERS-PRACTICAL-GUIDE-.pptx
Abida Shariff
 
Leading Change strategies and insights for effective change management pdf 1.pdf
Leading Change strategies and insights for effective change management pdf 1.pdfLeading Change strategies and insights for effective change management pdf 1.pdf
Leading Change strategies and insights for effective change management pdf 1.pdf
OnBoard
 
To Graph or Not to Graph Knowledge Graph Architectures and LLMs
To Graph or Not to Graph Knowledge Graph Architectures and LLMsTo Graph or Not to Graph Knowledge Graph Architectures and LLMs
To Graph or Not to Graph Knowledge Graph Architectures and LLMs
Paul Groth
 
UiPath Test Automation using UiPath Test Suite series, part 4
UiPath Test Automation using UiPath Test Suite series, part 4UiPath Test Automation using UiPath Test Suite series, part 4
UiPath Test Automation using UiPath Test Suite series, part 4
DianaGray10
 
Empowering NextGen Mobility via Large Action Model Infrastructure (LAMI): pav...
Empowering NextGen Mobility via Large Action Model Infrastructure (LAMI): pav...Empowering NextGen Mobility via Large Action Model Infrastructure (LAMI): pav...
Empowering NextGen Mobility via Large Action Model Infrastructure (LAMI): pav...
Thierry Lestable
 
From Siloed Products to Connected Ecosystem: Building a Sustainable and Scala...
From Siloed Products to Connected Ecosystem: Building a Sustainable and Scala...From Siloed Products to Connected Ecosystem: Building a Sustainable and Scala...
From Siloed Products to Connected Ecosystem: Building a Sustainable and Scala...
Product School
 
UiPath Test Automation using UiPath Test Suite series, part 3
UiPath Test Automation using UiPath Test Suite series, part 3UiPath Test Automation using UiPath Test Suite series, part 3
UiPath Test Automation using UiPath Test Suite series, part 3
DianaGray10
 
FIDO Alliance Osaka Seminar: Passkeys at Amazon.pdf
FIDO Alliance Osaka Seminar: Passkeys at Amazon.pdfFIDO Alliance Osaka Seminar: Passkeys at Amazon.pdf
FIDO Alliance Osaka Seminar: Passkeys at Amazon.pdf
FIDO Alliance
 
"Impact of front-end architecture on development cost", Viktor Turskyi
"Impact of front-end architecture on development cost", Viktor Turskyi"Impact of front-end architecture on development cost", Viktor Turskyi
"Impact of front-end architecture on development cost", Viktor Turskyi
Fwdays
 
DevOps and Testing slides at DASA Connect
DevOps and Testing slides at DASA ConnectDevOps and Testing slides at DASA Connect
DevOps and Testing slides at DASA Connect
Kari Kakkonen
 
Software Delivery At the Speed of AI: Inflectra Invests In AI-Powered Quality
Software Delivery At the Speed of AI: Inflectra Invests In AI-Powered QualitySoftware Delivery At the Speed of AI: Inflectra Invests In AI-Powered Quality
Software Delivery At the Speed of AI: Inflectra Invests In AI-Powered Quality
Inflectra
 
Key Trends Shaping the Future of Infrastructure.pdf
Key Trends Shaping the Future of Infrastructure.pdfKey Trends Shaping the Future of Infrastructure.pdf
Key Trends Shaping the Future of Infrastructure.pdf
Cheryl Hung
 
Mission to Decommission: Importance of Decommissioning Products to Increase E...
Mission to Decommission: Importance of Decommissioning Products to Increase E...Mission to Decommission: Importance of Decommissioning Products to Increase E...
Mission to Decommission: Importance of Decommissioning Products to Increase E...
Product School
 
GraphRAG is All You need? LLM & Knowledge Graph
GraphRAG is All You need? LLM & Knowledge GraphGraphRAG is All You need? LLM & Knowledge Graph
GraphRAG is All You need? LLM & Knowledge Graph
Guy Korland
 

Recently uploaded (20)

Search and Society: Reimagining Information Access for Radical Futures
Search and Society: Reimagining Information Access for Radical FuturesSearch and Society: Reimagining Information Access for Radical Futures
Search and Society: Reimagining Information Access for Radical Futures
 
Essentials of Automations: Optimizing FME Workflows with Parameters
Essentials of Automations: Optimizing FME Workflows with ParametersEssentials of Automations: Optimizing FME Workflows with Parameters
Essentials of Automations: Optimizing FME Workflows with Parameters
 
LF Energy Webinar: Electrical Grid Modelling and Simulation Through PowSyBl -...
LF Energy Webinar: Electrical Grid Modelling and Simulation Through PowSyBl -...LF Energy Webinar: Electrical Grid Modelling and Simulation Through PowSyBl -...
LF Energy Webinar: Electrical Grid Modelling and Simulation Through PowSyBl -...
 
FIDO Alliance Osaka Seminar: Passkeys and the Road Ahead.pdf
FIDO Alliance Osaka Seminar: Passkeys and the Road Ahead.pdfFIDO Alliance Osaka Seminar: Passkeys and the Road Ahead.pdf
FIDO Alliance Osaka Seminar: Passkeys and the Road Ahead.pdf
 
How world-class product teams are winning in the AI era by CEO and Founder, P...
How world-class product teams are winning in the AI era by CEO and Founder, P...How world-class product teams are winning in the AI era by CEO and Founder, P...
How world-class product teams are winning in the AI era by CEO and Founder, P...
 
Accelerate your Kubernetes clusters with Varnish Caching
Accelerate your Kubernetes clusters with Varnish CachingAccelerate your Kubernetes clusters with Varnish Caching
Accelerate your Kubernetes clusters with Varnish Caching
 
IOS-PENTESTING-BEGINNERS-PRACTICAL-GUIDE-.pptx
IOS-PENTESTING-BEGINNERS-PRACTICAL-GUIDE-.pptxIOS-PENTESTING-BEGINNERS-PRACTICAL-GUIDE-.pptx
IOS-PENTESTING-BEGINNERS-PRACTICAL-GUIDE-.pptx
 
Leading Change strategies and insights for effective change management pdf 1.pdf
Leading Change strategies and insights for effective change management pdf 1.pdfLeading Change strategies and insights for effective change management pdf 1.pdf
Leading Change strategies and insights for effective change management pdf 1.pdf
 
To Graph or Not to Graph Knowledge Graph Architectures and LLMs
To Graph or Not to Graph Knowledge Graph Architectures and LLMsTo Graph or Not to Graph Knowledge Graph Architectures and LLMs
To Graph or Not to Graph Knowledge Graph Architectures and LLMs
 
UiPath Test Automation using UiPath Test Suite series, part 4
UiPath Test Automation using UiPath Test Suite series, part 4UiPath Test Automation using UiPath Test Suite series, part 4
UiPath Test Automation using UiPath Test Suite series, part 4
 
Empowering NextGen Mobility via Large Action Model Infrastructure (LAMI): pav...
Empowering NextGen Mobility via Large Action Model Infrastructure (LAMI): pav...Empowering NextGen Mobility via Large Action Model Infrastructure (LAMI): pav...
Empowering NextGen Mobility via Large Action Model Infrastructure (LAMI): pav...
 
From Siloed Products to Connected Ecosystem: Building a Sustainable and Scala...
From Siloed Products to Connected Ecosystem: Building a Sustainable and Scala...From Siloed Products to Connected Ecosystem: Building a Sustainable and Scala...
From Siloed Products to Connected Ecosystem: Building a Sustainable and Scala...
 
UiPath Test Automation using UiPath Test Suite series, part 3
UiPath Test Automation using UiPath Test Suite series, part 3UiPath Test Automation using UiPath Test Suite series, part 3
UiPath Test Automation using UiPath Test Suite series, part 3
 
FIDO Alliance Osaka Seminar: Passkeys at Amazon.pdf
FIDO Alliance Osaka Seminar: Passkeys at Amazon.pdfFIDO Alliance Osaka Seminar: Passkeys at Amazon.pdf
FIDO Alliance Osaka Seminar: Passkeys at Amazon.pdf
 
"Impact of front-end architecture on development cost", Viktor Turskyi
"Impact of front-end architecture on development cost", Viktor Turskyi"Impact of front-end architecture on development cost", Viktor Turskyi
"Impact of front-end architecture on development cost", Viktor Turskyi
 
DevOps and Testing slides at DASA Connect
DevOps and Testing slides at DASA ConnectDevOps and Testing slides at DASA Connect
DevOps and Testing slides at DASA Connect
 
Software Delivery At the Speed of AI: Inflectra Invests In AI-Powered Quality
Software Delivery At the Speed of AI: Inflectra Invests In AI-Powered QualitySoftware Delivery At the Speed of AI: Inflectra Invests In AI-Powered Quality
Software Delivery At the Speed of AI: Inflectra Invests In AI-Powered Quality
 
Key Trends Shaping the Future of Infrastructure.pdf
Key Trends Shaping the Future of Infrastructure.pdfKey Trends Shaping the Future of Infrastructure.pdf
Key Trends Shaping the Future of Infrastructure.pdf
 
Mission to Decommission: Importance of Decommissioning Products to Increase E...
Mission to Decommission: Importance of Decommissioning Products to Increase E...Mission to Decommission: Importance of Decommissioning Products to Increase E...
Mission to Decommission: Importance of Decommissioning Products to Increase E...
 
GraphRAG is All You need? LLM & Knowledge Graph
GraphRAG is All You need? LLM & Knowledge GraphGraphRAG is All You need? LLM & Knowledge Graph
GraphRAG is All You need? LLM & Knowledge Graph
 

Apache struts vulnerabilities compromise corporate web servers 

  • 1. Apache Struts Vulnerabilities Compromise Corporate Web Servers Summary Critical security vulnerabilities in the Apache Struts software have enabled hackers to compromise corporate Web servers, thereby putting sensitive corporate data at risk. Technical Details The vulnerabilities allow for remote code execution (RCE) by sending a special request to a vulnerable server and dropping malware or other unauthorized code after access is gained. It potentially enables actors to locate and identify credentials, connect to the database server, and extract or delete the corporate data. Companies and Non-Profit Organizations under attack may not immediately notice a compromise. Apache Struts is an open source and widely used no-cost framework for Java application building. It is utilized across the financial services sector and other critical infrastructure. As such, these vulnerabilities affect numerous industries, including financial firms and third-party vendors on which financial firms rely. Vulnerabilities associated with Apache Struts can exist on Web applications hosted on traditional servers as well as be embedded in hardware devices such as multifunction printers which support a Web interface for configuration and management. Related vulnerabilities include: • CVE-2017-5209: Allows remote attackers to manipulate Struts internals, alter user sessions or affect container settings. Versions prior to Apache Struts 2.3.24.1 are vulnerable. • CVE-2017-5638: Mishandles file upload, allowing remote attackers to execute arbitrary commands. Versions prior to Apache Struts 2.3.32 and 2.5.10.1 are vulnerable. • CVE-2017-7672: Prepares a special URL which is used to overload server process. The solution is to upgrade to Apache Struts version 2.5.12. • CVE-2017-9787: Makes it possible to perform a denial of service attack. The solution is to upgrade to Apache Struts version 2.5.12 or 2.3.33. • CVE-2017-9791: Allows remote code execution. 
• CVE-2017-9793: Allows an unauthenticated, remote attacker to cause a denial of service.
• CVE-2017-9804: Allows an unauthenticated, remote attacker to cause a denial of service.
• CVE-2017-9805: Allows remote attackers to execute arbitrary code. Versions 2.1.2 through 2.3.33 and 2.5 through 2.5.12 are vulnerable; the solution is to upgrade to Apache Struts version 2.3.34 or 2.5.13.

Prevention and Mitigation
Web application vulnerabilities and configuration weaknesses are exploited routinely, so identifying and closing them is crucial to avoiding compromise. Patches for the Apache Struts vulnerabilities listed above have been released and are publicly available. Continue to monitor for new vulnerabilities and patches as they emerge. Also review reliance on easily identified Internet-connected devices for critical operations, particularly those that are shared with public-facing Web servers.
The following suggestions cover security and Web-server-specific practices:
• Apply regular updates to applications and the host operating system to ensure protection against known vulnerabilities.
• Implement a least-privilege policy on the Web server to:
  • Reduce an adversary's ability to escalate privileges or pivot laterally to other hosts.
  • Control the creation and execution of files in particular directories.
• If one is not already present, deploy a demilitarized zone (DMZ) between Web-facing systems and the corporate network. Limiting and logging the traffic between the two provides a way to identify possible malicious activity.
• Ensure a secure configuration of Web servers throughout the compliance management process: block unnecessary services and ports, restrict necessary services and ports where feasible, and do not use default login credentials.
• Use a reverse proxy, or a Web application firewall module such as ModSecurity running in front of the application, to restrict accessible URL paths to known legitimate ones.
• Establish, and back up offline, a "known good" version of the relevant server, and adopt a regular change-management policy so that a file integrity system can monitor for changes to servable content.
• Validate user input to prevent local and remote file inclusion vulnerabilities.
• Conduct regular system and application vulnerability scans to identify areas of risk. While scanning does not protect against zero-day attacks, it will highlight possible areas of concern.
• Deploy a Web application firewall, and conduct regular virus signature checks, application fuzzing, code reviews, and server network analysis.
Detection
The following may be indicators that your Web server has been infected by malware. Note that a number of these indicators are also common to legitimate files. Any suspected malicious file should be considered in the context of other indicators and triaged to determine whether further inspection or validation is required.
• Abnormal periods of high site usage (due to potential uploading and downloading activity);
• Files with an unusual timestamp (e.g., more recent than the last update of the installed Web applications);
• Suspicious files in Internet-accessible locations such as the web root;
• Files containing references to suspicious keywords such as cmd.exe or eval;
• Unexpected connections in logs:
  • A file type generating unexpected or anomalous network traffic (e.g., requests with POST parameters sent to a JPG file);
  • Suspicious logins originating from internal subnets to DMZ servers and vice versa;
• Any evidence of suspicious shell commands, such as directory traversal, run by the Web server process.
During known incidents involving one of the above Apache Struts vulnerabilities, the actors deployed webshells with the following MD5 hashes (provided for network defense by US-CERT):
• MD5 = 75a504a0679d909baf4ad56356a7a6ad
• MD5 = 026ab37483b9fe4525be794c9c37fdc8
• MD5 = af99906f8dc68e51236b20150b85d674
• MD5 = ab364a37dc45d7fa5a09ec0ddea1415f
• MD5 = f068a5d7087a5ebe3a33bb57d4ccf2b9
• MD5 = cc5678b14ce6961522ca1813906b0098
• MD5 = cefe091c4ad39ff06d5275c6201989d1
• MD5 = bde8793c0712c08c468de000cb24fa8c
• MD5 = ef3981b9cffd41265ff2c65ef010f358
• MD5 = 1a02e6179cfc8118c1864890ea0e5e77

Reporting
Compliance officials and patch managers are encouraged to add the necessary updates to the patch queue as soon as possible, given the continued and legacy use of Apache Struts in corporate environments.
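The "known good" baseline recommended under Prevention and Mitigation and the file and log indicators listed under Detection can be combined into one runnable check. The script below is an added example, not code from the advisory or from US-CERT: it takes a SHA-256 manifest of a web root, reports files added or modified since, triages each file against the advisory's indicators (timestamp newer than the last deployment, suspicious keywords, MD5 in the published webshell list), and flags POST requests aimed at static content in access-log lines. The web root, the deployment timestamp, the sample log lines and the two extra Java keywords (Runtime.getRuntime, ProcessBuilder) are assumptions constructed for the demonstration; only the MD5 set comes from the advisory.

```python
import hashlib
import os
import re
import tempfile
import time

# MD5 hashes of webshells seen in incidents involving these Struts
# vulnerabilities, as published in the advisory (US-CERT).
KNOWN_WEBSHELL_MD5 = {
    "75a504a0679d909baf4ad56356a7a6ad", "026ab37483b9fe4525be794c9c37fdc8",
    "af99906f8dc68e51236b20150b85d674", "ab364a37dc45d7fa5a09ec0ddea1415f",
    "f068a5d7087a5ebe3a33bb57d4ccf2b9", "cc5678b14ce6961522ca1813906b0098",
    "cefe091c4ad39ff06d5275c6201989d1", "bde8793c0712c08c468de000cb24fa8c",
    "ef3981b9cffd41265ff2c65ef010f358", "1a02e6179cfc8118c1864890ea0e5e77",
}

# Keywords named by the advisory (cmd.exe, eval) plus two Java process-spawning
# APIs typical of JSP webshells; the latter two are an assumption added here.
SUSPICIOUS_KEYWORDS = re.compile(
    r"cmd\.exe|\beval\s*\(|Runtime\.getRuntime\(\)|ProcessBuilder", re.IGNORECASE)

# Static content should never be the target of a POST.
STATIC_EXTENSIONS = (".jpg", ".jpeg", ".png", ".gif", ".css", ".ico")

# Apache/nginx combined log format; only the fields needed here are captured.
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[[^\]]+\] "(?P<method>[A-Z]+) (?P<path>\S+)[^"]*" (?P<status>\d{3})')


def _digest(path, algo):
    """Hex digest of a file, read in chunks so large uploads do not load fully."""
    h = hashlib.new(algo)
    with open(path, "rb") as f:
        for chunk in iter(lambda: f.read(65536), b""):
            h.update(chunk)
    return h.hexdigest()


def baseline(root):
    """'Known good' manifest: relative path -> SHA-256 for every file under root."""
    manifest = {}
    for dirpath, _, files in os.walk(root):
        for name in files:
            full = os.path.join(dirpath, name)
            manifest[os.path.relpath(full, root)] = _digest(full, "sha256")
    return manifest


def compare_to_baseline(root, manifest):
    """Return (added, modified, removed) relative paths versus the manifest."""
    current = baseline(root)
    added = sorted(set(current) - set(manifest))
    removed = sorted(set(manifest) - set(current))
    modified = sorted(p for p in current if p in manifest and current[p] != manifest[p])
    return added, modified, removed


def triage_file(path, last_deploy_epoch):
    """Indicators from the advisory's Detection list that apply to one file."""
    reasons = []
    if os.path.getmtime(path) > last_deploy_epoch:
        reasons.append("mtime newer than last deployment")
    if _digest(path, "md5") in KNOWN_WEBSHELL_MD5:
        reasons.append("MD5 matches known webshell")
    with open(path, "rb") as f:
        text = f.read().decode("utf-8", errors="replace")
    hit = SUSPICIOUS_KEYWORDS.search(text)
    if hit:
        reasons.append("suspicious keyword: " + hit.group(0))
    return reasons


def anomalous_requests(log_lines):
    """Flag POSTs (with or without a query string) aimed at static content."""
    flagged = []
    for line in log_lines:
        m = LOG_RE.match(line)
        if not m:
            continue
        path = m.group("path").split("?", 1)[0].lower()
        if m.group("method") == "POST" and path.endswith(STATIC_EXTENSIONS):
            flagged.append((m.group("ip"), m.group("path")))
    return flagged


# Constructed access-log lines (not real traffic); the second one is the
# "JPG file receiving POST parameters" pattern from the Detection list.
SAMPLE_LOG = [
    '203.0.113.7 - - [10/Sep/2017:10:01:02 +0000] "GET /app/index.action HTTP/1.1" 200 5123',
    '203.0.113.7 - - [10/Sep/2017:10:01:09 +0000] "POST /images/logo.jpg?cmd=whoami HTTP/1.1" 200 318',
    '198.51.100.4 - - [10/Sep/2017:10:02:33 +0000] "POST /app/upload.action HTTP/1.1" 302 0',
]


def demo():
    """Simulate a deployment, take a baseline, drop a webshell, then triage."""
    with tempfile.TemporaryDirectory() as root:
        legit = os.path.join(root, "index.jsp")
        with open(legit, "w") as f:
            f.write("<html><body>Hello</body></html>\n")
        manifest = baseline(root)
        deploy_time = time.time()
        # Constructed webshell: newer than the deployment and spawning a process.
        shell = os.path.join(root, "s.jsp")
        with open(shell, "w") as f:
            f.write('<%= Runtime.getRuntime().exec(request.getParameter("cmd")) %>\n')
        os.utime(shell, (deploy_time + 60, deploy_time + 60))
        added, modified, removed = compare_to_baseline(root, manifest)
        return {
            "added": added, "modified": modified, "removed": removed,
            "shell_reasons": triage_file(shell, deploy_time),
            "index_reasons": triage_file(legit, deploy_time + 1),
            "anomalous": anomalous_requests(SAMPLE_LOG),
        }


if __name__ == "__main__":
    for key, value in demo().items():
        print(key, value)
```

In production the manifest would be written at deployment time and stored offline, as the advisory recommends, and the comparison run on a schedule from a separate host; a hash match against the published list is a strong indicator, while the timestamp and keyword checks are the weaker, context-dependent ones the Detection section warns about.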