A vulnerability in Apache Struts2 has been announced (CVE-2017-9805). The original announcement is here: https://cwiki.apache.org/confluence/display/WW/S2-052.
The vulnerability is a deserialisation vulnerability utilising the JAVA XStream XML serialisation library for user supplied input. The vulnerability is triggered when Apache Struts 2 REST plugin attempts to deserialise a specially crafted XML sent by the attacker and can lead to remote code execution.
All RedShield customers with the shielding service in Blocking mode have been shielded from this vulnerability before the announcement by default shields that block attempts at remote code execution.
Any RedShield customer that is in Transparent mode and is running Apache Struts 2 should contact support@redshield.co.
Any scanning only customer that is running Apache Struts 2 can contact support@redshield.co for assistance.
Comments