We are Seeing Ongoing Struts 2 Attacks
If you’re running web applications on the Internet, then you’re almost certainly seeing probes for the Struts 2 vulnerability (CVE-2017-5638). These attacks started within hours of the vulnerability being released, and we continue to see widespread probes with dangerous payloads in the first request. They all look something like this…
This attack is extremely dangerous. The attacker is taking advantage of how Struts 2 handles malformed Content-Type headers. They are included in an error message that is evaluated as an OGNL expression. This gives any unauthenticated attacker the ability to run arbitrary code on your server. In this case, the underlying payload is written in Perl and downloaded from the Internet. An IRC channel is used for command and control.
Contrast Security is just like you, and we are seeing these attacks against our servers too. Since the announcement last month, we have been blocking attacks numerous times, every day, from places like Hong Kong, Shandong, Bangalore, and many other places around the world.
As I sit and watch these attacks happening, I can’t help but feel all warm and cozy inside. Contrast automatically detects and blocks attacks like Struts 2 and other vulnerabilities in open source components. Contrast also blocks bots, manual attacks, even attacks against totally unknown vulnerabilities in your applications.
I want to help you with your application security program. You don’t have to live with ‘solutions’ cobbled together from a variety of tools that are more work than they’re worth. There is no reason why you shouldn’t be able to instantly:
- Block application attacks
- Know exactly who is attacking you, how they’re attacking, and what they’re targeting
- Deploy runtime protection for new vulnerabilities automatically
- Pinpoint applications and servers that are running vulnerable libraries
If you’d like to know more, let me know and we can talk.
Thanks,
~Jeff
Jeff Williams | Co-founder and CTO
Contrast Security
888.371.1333 | @planetlevel @contrastsec
.jpg)
Jeff Williams, Co-Founder, Chief Technology Officer
Jeff brings more than 20 years of security leadership experience as co-founder and Chief Technology Officer of Contrast Security. He recently authored the DZone DevSecOps, IAST, and RASP refcards and speaks frequently at conferences including JavaOne (Java Rockstar), BlackHat, QCon, RSA, OWASP, Velocity, and PivotalOne. Jeff is also a founder and major contributor to OWASP, where he served as Global Chairman for 9 years, and created the OWASP Top 10, OWASP Enterprise Security API, OWASP Application Security Verification Standard, XSS Prevention Cheat Sheet, and many more popular open source projects. Jeff has a BA from Virginia, an MA from George Mason, and a JD from Georgetown.
Loving our content? Subscribe now!
Get the latest application security news, trends, tips and insights content from Contrast directly to your inbox. By subscribing, you will stay up to date with all the latest and greatest from Contrast Security.