Security researchers at lgtm.com have discovered a critical remote code execution vulnerability (CVE-2017-9805) in Apache Struts affecting all versions of the popular application development framework since 2008.
The team that discovered the flaw stated that “This particular vulnerability allows a remote attacker to execute arbitrary code on any server running an application built using the Struts framework and the popular REST communication plugin. The weakness is caused by the way Struts deserializes untrusted data.”
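As an added illustration, not code from Hdiv, lgtm.com or the Struts project: the Struts REST plugin's XML handler is built on the XStream library, and the general mitigation for deserialization of untrusted input is to let the parser instantiate only the types the endpoint actually expects. The snippet below, assuming XStream 1.4.10 or later and a hypothetical OrderRequest type, configures such an allow-list and shows it accepting the expected document while refusing a document whose root element names any other class.

```java
import com.thoughtworks.xstream.XStream;
import com.thoughtworks.xstream.security.ForbiddenClassException;
import com.thoughtworks.xstream.security.NoTypePermission;
import com.thoughtworks.xstream.security.NullPermission;
import com.thoughtworks.xstream.security.PrimitiveTypePermission;

public class SafeXmlDeserialization {

    // Hypothetical request DTO: the only object type this endpoint should ever accept.
    public static class OrderRequest {
        public String item;
        public int quantity;
    }

    // Build an XStream instance that denies every class except those explicitly listed.
    public static XStream hardenedXStream() {
        XStream xs = new XStream();
        xs.addPermission(NoTypePermission.NONE);                // deny everything by default
        xs.addPermission(NullPermission.NULL);                  // allow null values
        xs.addPermission(PrimitiveTypePermission.PRIMITIVES);   // allow int, boolean, ...
        xs.allowTypes(new Class[] { String.class, OrderRequest.class });
        xs.alias("order", OrderRequest.class);                  // <order> maps to OrderRequest
        return xs;
    }

    public static OrderRequest parse(XStream xs, String xml) {
        return (OrderRequest) xs.fromXML(xml);
    }

    public static void main(String[] args) {
        XStream xs = hardenedXStream();

        // Constructed benign request in the shape the endpoint expects.
        String benign = "<order><item>widget</item><quantity>3</quantity></order>";
        OrderRequest ok = parse(xs, benign);
        System.out.println("accepted: " + ok.item + " x" + ok.quantity);

        // Constructed unexpected request: the root element names a JDK class that is not
        // on the allow-list. XStream now refuses to instantiate it instead of deserializing it.
        String unexpected = "<java.util.HashMap/>";
        try {
            xs.fromXML(unexpected);
            System.out.println("BUG: unexpected type was instantiated");
        } catch (ForbiddenClassException e) {
            System.out.println("rejected: " + e.getMessage());
        }
    }
}
```

Without the NoTypePermission/allowTypes configuration, XStream resolves the root element name to whatever class it denotes, which is the behaviour that turns untrusted XML into arbitrary object construction.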
Protection and real-time visibility for Hdiv customers
Hdiv Enterprise customers are safe against Remote Code Execution attacks, including attacks based on untrusted deserialization, thanks to its active protection features.
As the following video shows, Hdiv detects the attack and blocks it proactively, avoiding any risk. In addition, the attack is logged, including the request IP, URL, payload, date/time, and the file and line number of the vulnerability.
Nevertheless, it is always recommended to schedule regular Struts framework updates to minimize the security bugs to which the application could be exposed. To support that, Hdiv provides detection capabilities that report all vulnerable third-party libraries included in the application. You can read more about it by following this link.