Struts2 Exposed Remote Code Execution Vulnerability(S2-037)

28/06/2016 17:00:46


Summary

Struts2 revealed a vulnerability of high-risk named S2-037, CVE Number: CVE - 2016-4438, which allows hackers to take advantage of the vulnerability to directly execute arbitrary code, upload files, execute a remote command & control server, and steal all of the user's data directly. This vulnerability is affecting a wide range Struts versions.

On June 16, struts 2 official vulnerability announcement:



Struts2 is one of the most widely used web Java server framework in the world. It  is the next generation of Struts products, which is a combination of the new Struts2 framework based on Struts1 and WebWork technology.

The reason why Apache struts2 S2-037 of the remote code execution vulnerability appears is that Struts 2 uses REST plugin. The attacker uses REST to call malicious expression to execute remote code. This vulnerability and S2-033 are triggered in similar methods, which are executed through the OGNL expression brought about by methodName of ActionMappingand lead to arbitrary code execution.  

Software Versions:

Struts 2.3.20 -  Struts 2.3.28.1 version using the REST plugin.

Solution


    1. Upgrade the Apache Struts to version 2.3.29

    2. For Sangfor NGAF customer, update the IPS to version 20160630 version or above.



Our Social Networks

Global Service Center:

COPYRIGHT © 2000-2017 SANGFOR TECHNOLOGIES INC. ALL RIGHTS RESERVED.