You are here

Apache Struts2 Vulnerabilities S2-052

Affects product: 
Airlock WAF
Airlock IAM
Airlock Login
IDs: 
S2-052, CVE-2017-9805
Keywords: 
Struts2
Description: 

A critical Apache Struts2 vulnerability has been found which may allow remote code execution when using the REST-Plugin to handle XML payloads in Struts 2.5 prior version 2.5.13. For details see [1].

Airlock Suite software is not affected because Apache Struts2 is not used.

Resolution: 

If you are using the REST-Plugin in Struts 2.5 we strongly recommend to upgrade to the newest Apache Struts 2.5 version.

If you are using the REST-Plugin without XML payloads (e.g. with JSON payloads) you can configure the following Deny Rule on Airlock WAF to block any XML requests including malicious XML payloads trying to execute code on the back-end system.

Type: Content-Type
Pattern:

xml

Case-sensitive: OFF
Invert: OFF

If your application handles XML requests we recommend to consider Airlock's XML filter add-on to validate XML payloads and protect against such kind of attacks. See [2] for further information.

Component: 
Airlock
Airlock Vulnerability Status: 
Does not affect Airlock
Back-end Vulnerability Status: 
Back-ends may be vulnerable, see resolution