New vulnerabilities are discovered on a regular basis, and some receive quite a bit of publicity, while others fly under the radar. The latter situation can open up extensive opportunities for attackers to exploit these vulnerabilities.
A good example of one that has been “out” for quite a while without receiving much attention in the media (and thus from organizations that may be affected) is the Apache Struts vulnerability. Today, we’d like to take a look at what it is, why it’s worthy of attention, and what you can do to protect your organization.
The Apache Struts Vulnerability: What it is and Why it Matters
Apache is the most widely distributed web server in the world. The majority of the internet’s websites are run on it. Struts, in turn, is an Apache-based open source framework for building Java web apps. It’s quite popular with large tech companies, government agencies, and financial institutions.
In March 2017, it was discovered that Apache Struts had a serious vulnerability, and since then it has been attacked in the wild on an active basis. The flaw resides specifically in the Jakarta Multipart parser upload function in Apache. Basically, it lets attackers craft malicious requests for Apache web servers, which are then able to execute on users’ systems.
Because it is such a widespread technology, the Apache Struts vulnerability has the potential to impact many organizations, and the potential fallout is dire. The attacks could be even more severe for organizations running their Apache web servers as root (not a best practice.)
This vulnerabiity is also extra-concerning because exploiting it is trivial. Hackers can easily spot vulnerable systems, the Struts exploits are publicly available, and the attack is easy to carry out and repeat. Attackers need to modify just one line of code to trick servers into downloading malicious binary from the internet.
The ubiquitousness of Apache, combined with the simplicity of executing this attack, makes it one worth paying attention to and actively protecting against.
How to Protect Against the Apache Struts Vulnerability
As far as this specific vulnerability is concerned, the Struts versions affected are:
Network administrators should immediately upgrade to 2.3.32 or 220.127.116.11 to ensure that their systems are patched against it. You can also switch to a different implementation of the parser.
However, patching isn’t always as straightforward as it sounds, since web apps may need to be rebuilt. Older apps might even have to be brought back from the dead to ensure that they aren’t offering a weak point for attackers.
It’s a good idea to get those patches done as quickly as you can, but patching quickly is not always easy or possible, especially for critical or public-facing servers. Because of this, having a real-time host-based intrusion detection system (HIDS) is important to detect these attacks when they are in their zero-day states and beyond.
Why HIDS is a Key Line of Defense
Even if you are not vulnerable to this particular type of attack, it’s a good idea to use it as an excuse to evaluate your intrusion Go to the full article.
Source:: Business 2 Community