Security

This article is more than 1 year old

Hackers latch onto new Apache Struts megavuln to mine cryptocurrency

Underground forums alight with Struts chat, we hear

Thu 30 Aug 2018 // 15:05 UTC

A recently uncovered critical vulnerability in Apache Struts is already being exploited in the wild.

Threat intel firm Volexity has warned that hackers are abusing the CVE-2018-11776 vuln to attack systems running Apache Struts 2, a popular open-source framework for developing applications in Java. Specifically, some nasty characters have abused the flaw while trying to install the CNRig cryptocurrency miner, researchers said.

The vulnerability appears to be easier to exploit than the Struts flaw that was used in the infamous Equifax breach, so cryptocurrency scams may be the least of our worries.

Apache's latest SNAFU – Struts normal, all fscked up: Web app framework needs urgent patching

CVE-2018-11776 affects versions 2.3 up to 2.3.34 as well as Struts 2.5 up to 2.5.16. It also poses a potential risk to unsupported versions of the framework. Uncovered by software engineering analytics firm Semmle, the vuln is caused by insufficient validation of untrusted user data in the core of the Struts framework. The security flaw allows a remote, unauthenticated user to execute arbitrary code on the system they've targeted.

Developers at the Apache Software Foundation have urged sysadmins to update their systems (to 2.3.35 for those using version 2.3 and 2.5.17 for those on 2.5 – see here), as The Register previously reported.

"An attacker can exploit the flaw by adding their own namespace to the URL as part of an HTTP request," threat intel firm Recorded Future warned. "Unfortunately, this makes the vulnerability trivial to exploit — in fact, proof-of-concept code has already been released, including a Python script that allows for easy exploitation."

Image by Vaniato http://www.shutterstock.com/gallery-2619637p1.html

Equifax's disastrous Struts patching blunder: THOUSANDS of other orgs did it too

Hackers are buzzing over the bug. Recorded Future said it has picked up "chatter in a number of Chinese and Russian underground forums around the exploitation of this vulnerability".

"Unlike last year's Apache Struts exploit (CVE-2017-5638), which was at the centre of the Equifax breach, this vulnerability appears easier to exploit because it does not require the Apache Struts installation to have any additional plugins running in order to successfully exploit it," Recorded Future added in a blog post about the bug. ®

More about

COMMENTS

TIP US OFF

Send us news

Topics

Special Features

Vendor Voice

Resources

Security

Hackers latch onto new Apache Struts megavuln to mine cryptocurrency

Underground forums alight with Struts chat, we hear

Apache's latest SNAFU – Struts normal, all fscked up: Web app framework needs urgent patching

Equifax's disastrous Struts patching blunder: THOUSANDS of other orgs did it too

More about

TIP US OFF

Other stories you might like

Prolific phishing-made-easy emporium LabHost knocked offline in cyber-cop op

Debian spices up APT package manager with a dash of color, squishes ancient bug

AI PCs are here but a killer application for biz users? Nope

Reducing the cloud security overhead

Valkey publishes release candidate and attracts new backer

Cisco creates architecture to improve security and sell you new switches

Europe gives TikTok 24 hours to explain 'addictive and toxic' new app

Singapore infosec boss warns China/West tech split will be bad for interoperability

Mars helicopter sends final message, but will keep collecting data

Taiwanese film studio snaps up Chinese surveillance camera specialist Dahua

Software glitch saw Aussie casino give away millions in cash

HPE sues China's Inspur Group over server patents

About Us

Our Websites

Your Privacy