SECURITY INFLUENCERS BLOG

Security influencers provide real-world insight and “in-the-trenches” experiences on topics ranging from application security to DevOps and risk management

We are Seeing Ongoing Struts 2 Attacks

If you’re running web applications on the Internet, then you’re almost certainly seeing probes for the Struts 2 vulnerability (CVE-2017-5638). These attacks started within hours of the vulnerability being released, and we continue to see widespread probes with dangerous payloads in the first request. They all look something like this…

Struts-attack040717.png

This attack is extremely dangerous. The attacker is taking advantage of how Struts 2 handles malformed Content-Type headers. They are included in an error message that is evaluated as an OGNL expression. This gives any unauthenticated attacker the ability to run arbitrary code on your server. In this case, the underlying payload is written in Perl and downloaded from the Internet. An IRC channel is used for command and control. 

Contrast Security is just like you, and we are seeing these attacks against our servers too.  Since the announcement last month, we have been blocking attacks numerous times, every day, from places like Hong Kong, Shandong, Bangalore, and many other places around the world.

As I sit and watch these attacks happening, I can’t help but feel all warm and cozy inside. Contrast automatically detects and blocks attacks like Struts 2 and other vulnerabilities in open source components. Contrast also blocks bots, manual attacks, even attacks against totally unknown vulnerabilities in your applications. 

I want to help you with your application security program. You don’t have to live with ‘solutions’ cobbled together from a variety of tools that are more work than they’re worth. There is no reason why you shouldn’t be able to instantly:

If you’d like to know more, let me know and we can talk.

Thanks,

~Jeff 
Jeff Williams | Co-founder and CTO
Contrast Security
888.371.1333 | @planetlevel @contrastsec

Jeff Williams, Co-Founder, Chief Technology Officer

Jeff Williams, Co-Founder, Chief Technology Officer

Jeff brings more than 20 years of security leadership experience as co-founder and Chief Technology Officer of Contrast. Previously, Jeff was co-founder and CEO of Aspect Security, a successful and innovative application security consulting company acquired by Ernst & Young. Jeff is also a founder and major contributor to OWASP, where he served as the Chair of the OWASP Board for 8 years.

SUBSCRIBE TO THE BLOG

Learn how to unify security strategy across & development operations. See how to set up a CAS program with only eight activities!

Download the Handbook