In March 2017, attackers began exploiting a bug in the Apache Struts Jakarta Multipart parser. The bug lets attackers execute arbitrary commands on HTTP servers by sending specially crafted HTTP requests. The vulnerability has recently drawn renewed attention because a newly named campaign (Zealot) uses it to compromise a web server and gain a foothold on the network, then uses the EternalBlue and EternalSynergy exploits to move laterally.
Campaign using vulnerability to gain foothold via web servers – https://f5.com/labs/articles/threat-intelligence/cyber-security/zealot-new-apache-struts-campaign-uses-eternalblue-and-eternalsynergy-to-mine-monero-on-internal-networks?sf176487178=1
NVD Reference – https://nvd.nist.gov/vuln/detail/CVE-2017-5638#vulnDescriptionTitle
Proficio Threat Intelligence Recommendations:
- Upgrade to Struts 2.3.32 or Struts 2.5.10.1 on any system running Apache Struts within the organization
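
One way to find the installations that still need this upgrade, as an added example (not code from Proficio or the Struts project): it walks a directory tree, looks at loose jars and at jars packed inside .war/.ear archives, and compares each Struts core version with the fixed release for its branch. It assumes the library is deployed under its Maven artifact name, struts2-core-<version>.jar; `classify`, `find_struts` and `scan` are names chosen for this example, and versions outside the 2.3.x and 2.5.x branches are reported as "review" rather than judged.

```python
import re
import sys
import zipfile
from pathlib import Path

# Fixed releases from the recommendation above, keyed by release branch.
FIXED = {(2, 3): (2, 3, 32), (2, 5): (2, 5, 10, 1)}
# Assumption: the library keeps its Maven artifact name, struts2-core-<version>.jar.
JAR_RE = re.compile(r"struts2-core-(\d+(?:\.\d+)+)[^/]*\.jar$")


def classify(version):
    """Map a version tuple to 'patched', 'vulnerable' or 'review'."""
    fixed = FIXED.get(version[:2])
    if fixed is None:
        return "review"  # branch not named in the recommendation; check by hand
    # Tuple comparison orders (2, 5, 10) below (2, 5, 10, 1), as required.
    return "patched" if version >= fixed else "vulnerable"


def find_struts(names):
    """Yield (name, version tuple) for each struts2-core jar among the names."""
    for name in names:
        match = JAR_RE.search(name.replace("\\", "/"))
        if match:
            yield name, tuple(int(p) for p in match.group(1).split("."))


def scan(root):
    """Check loose jars under root and jars packed inside .war/.ear archives."""
    findings = []
    for path in sorted(Path(root).rglob("*")):
        if not path.is_file():
            continue
        names = [str(path)]
        if path.suffix.lower() in (".war", ".ear") and zipfile.is_zipfile(path):
            with zipfile.ZipFile(path) as archive:
                names += [f"{path}!/{entry}" for entry in archive.namelist()]
        for name, version in find_struts(names):
            findings.append((name, ".".join(map(str, version)), classify(version)))
    return findings


if __name__ == "__main__":
    for name, version, status in scan(sys.argv[1] if len(sys.argv) > 1 else "."):
        print(f"{status:<10} {version:<10} {name}")
```

Run it with the application server's deployment directory as the only argument; jars that were renamed or shaded into another archive will not match the filename pattern and need a separate check.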