News

Security firm warns of attacks via critical vulnerability in Apache Struts

By admin
Spread the love

Cisco’s security component Talos has issued a warning for a large number of attacks via a vulnerability in the Apache Struts 2 framework, which allows malicious actors to execute code remotely. It affects users of the Jakarta Multipart parser.

In an advisory, the team behind Struts writes that users should update to version 2.3.32 or 2.5.10.1. The Talos alert reports a large number of detected exploit events. In doing so, attackers use a publicly available proof of concept exploit to attack vulnerable servers.

The vulnerability, with attribute CVE-2017-5638, allows remote code execution via a file upload with the Jakarta Multipart parser. According to security company Qualys, it is possible to take over a complete system in this way. Talos notes that attacks of different levels occur. For example, there are variants that only check whether a system is vulnerable and other variants that disable firewalls and then bring malware into the system.

You might also like
News

EU Council determines position on security requirements for digital products

News

Meta introduces open source language model Llama 2, works on PCs and phones

News

Valve releases major Team Fortress 2 update with community maps and new taunts

News

European Commission agrees to VMware acquisition by Broadcom

News

Senate adopts bill to make doxing a punishable offense

News

Apple withdraws Rapid Security Response security update for WebKit vulnerability