A critical Apache Struts2 vulnerability has been found which may allow remote code execution when the REST-Plugin is used to handle XML payloads in Struts 2.5 versions prior to 2.5.13. For details see [1].
Airlock Suite software is not affected because Apache Struts2 is not used.
If you are using the REST-Plugin in Struts 2.5, we strongly recommend upgrading to the newest Apache Struts 2.5 release (2.5.13 or later).
If you are using the REST-Plugin without XML payloads (e.g. with JSON payloads only), you can configure the following Deny Rule on Airlock WAF to block any request declaring an XML content type, including malicious XML payloads trying to execute code on the back-end system:
Type: Content-Type
Pattern: xml
Case-sensitive: OFF
Invert: OFF
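To make the effect of this rule concrete, the following added example models its four settings as a small header matcher and runs it over a handful of constructed requests. This is illustration code written for this page, not Airlock's implementation or configuration format; the `DenyRule` class, the `decide` function and the sample headers are assumptions made for the demonstration. It shows why the short pattern `xml` with Case-sensitive OFF is sufficient: it catches `application/xml`, `text/XML` and vendor types such as `application/soap+xml`, while a JSON request passes.

```python
import re
from dataclasses import dataclass
from typing import Dict, List, Optional, Tuple

@dataclass
class DenyRule:
    """Minimal model of a header-based deny rule (constructed for this page,
    not Airlock's engine): a pattern searched in one request header, plus the
    Case-sensitive and Invert switches from the rule above."""
    header: str                   # header the rule inspects, e.g. "Content-Type"
    pattern: str                  # pattern searched anywhere in the header value
    case_sensitive: bool = False  # OFF: "XML" and "xml" both match
    invert: bool = False          # ON: rule matches when the pattern is absent

    def header_value(self, headers: Dict[str, str]) -> Optional[str]:
        # HTTP header names are case-insensitive, so normalise the lookup.
        for name, value in headers.items():
            if name.lower() == self.header.lower():
                return value
        return None

    def matches(self, headers: Dict[str, str]) -> bool:
        value = self.header_value(headers)
        if value is None:
            # Assumption of this model: a missing header never triggers the
            # rule. A request without Content-Type is therefore not blocked.
            return False
        flags = 0 if self.case_sensitive else re.IGNORECASE
        hit = re.search(self.pattern, value, flags) is not None
        return hit != self.invert

# The deny rule from the advisory: Type Content-Type, Pattern xml,
# Case-sensitive OFF, Invert OFF.
XML_DENY_RULE = DenyRule(header="Content-Type", pattern="xml")

def decide(rule: DenyRule, headers: Dict[str, str]) -> str:
    """Return "block" when the deny rule matches the request, else "allow"."""
    return "block" if rule.matches(headers) else "allow"

# Constructed sample requests (only the headers relevant to the rule).
SAMPLE_REQUESTS: List[Tuple[str, Dict[str, str]]] = [
    ("json body",        {"Content-Type": "application/json"}),
    ("plain xml",        {"Content-Type": "application/xml"}),
    ("upper-case xml",   {"content-type": "text/XML; charset=UTF-8"}),
    ("soap envelope",    {"Content-Type": "application/soap+xml"}),
    ("no content type",  {}),
]

def evaluate_all(rule: DenyRule, requests=SAMPLE_REQUESTS) -> Dict[str, str]:
    """Run the rule over every sample request; map request label -> decision."""
    return {label: decide(rule, headers) for label, headers in requests}

if __name__ == "__main__":
    for label, verdict in evaluate_all(XML_DENY_RULE).items():
        print(f"{label:16s} -> {verdict}")
```

Two points to take from the run: with Case-sensitive OFF the rule does not depend on how the client spells the media type, and a request that sends no Content-Type header at all is not blocked by this rule (the model above treats a missing header as no match). Whether the back end would still try to parse such a body as XML depends on the application, so verify the rule with a test request against the protected system rather than relying on the header check alone.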
If your application does handle XML requests, the deny rule above is not an option, since it would block legitimate traffic as well. In that case we recommend considering Airlock's XML filter add-on to validate XML payloads and protect against this kind of attack. See [2] for further information.