CVE-2017-9804 Apache Struts Multiple Security Vulnerabilities (S2-050, S2-051, S2-052)

漏洞类别:Local

漏洞等级:

漏洞信息

Apache Struts is an open-source Model-View-Controller (MVC) framework for creating elegant, modern Java web applications.

Apache Struts is exposed to following vulnerabilities:

– Possible DoS attack when using URLValidator (CVE-2017-9804)
– A DoS attack is possible when using outdated XStream library with the Struts REST plugin (CVE-2017-9793).
– A RCE attack is possible when using the Struts REST plugin with XStream handler to deserialise XML requests (CVE-2017-9805).

Affected software:
Struts 2.3.7 – Struts 2.3.33, Struts 2.5 – Struts 2.5.12

QID detection logic (Authenticated) :
This authenticated detection looks for “struts core” jar files in deployed web applications directories and lib folder of Tomcat server.
Once it successfully finds the jar file, information is extracted from that jar files and compared with vulnerable versions.
This detection does NOT support applications are deployed with server configuration unpackWARs=false.

漏洞危害

A remote attacker could exploit this vulnerability to execute arbitrary code.

解决方案

The vendor has released advisories and updates to fix these vulnerabilities.
Refer to the following link for further details: Apache Struts Announcements 05 September 2017

Workaround:
Disable access to the REST API used by Struts as it does not correctly deserialize objects when invoked.

Patch:
Following are links for downloading patches to fix the vulnerabilities:

S2-050

S2-051

S2-052

Leave a Reply