Earlier this month, hackers exploited a serious Java vulnerability during a series of large-scale attacks, according to Ars Technica. The attackers were able to gain control of various web servers via a code-execution fault in past versions of the Apache Struts 2 open-source application framework. The weakness gives unauthorized users the ability to submit commands to servers hosted on the platform and wreak havoc within internal networks.
Developers responsible for maintaining Apache Struts 2 designed an effective patch for the vulnerability and went to work reaching out to organizations using the affected software. Many users adopted the fix. However, some have yet to apply the patch and continue to run vulnerable versions, Hack Players reported.
"If you run it against a vulnerable application, the result will be the remote execution of commands with the user running the server," cybersecurity expert Vicente Motos wrote on the site. "We have dedicated hours to reporting to companies, governments, manufacturers and even individuals to patch and correct the vulnerability as soon as possible, but the exploit has already jumped to the big pages of 'advisories,' and massive attempts to exploit the internet have already been observed."
Cisco Systems published a security advisory on the Apache Struts 2 fault on March 6. The company traced the vulnerability to the framework's multipart parser, which may improperly handle Content-Type header values during file uploads. Using this flaw, hackers can send malicious content and leverage it to gain server access. According to those familiar with the situation, executing such an attack is relatively easy, meaning external actors at every skill level can take advantage of the vulnerability.
External actors test servers
Most of the external actors taking advantage of the system weakness are using it to probe internal networks for other, more serious flaws, according to the data security firm Talos. However, others are executing more sophisticated attacks. For example, Apache Struts 2 programmers have observed instances in which hackers freeze firewalls and then download destructive files, including denial-of-service malware, from inside the network. In most cases, this kind of attack unfolds within networks running Linux. Some external actors employ this attack with greater persistence, not only gaining network access but also overtaxing servers.
Some data security specialists speculate that many of the affected applications belong to abandoned projects, Ars Technica reported. This means many have received little to no maintenance and may no longer be in use. Even so, these strikes have shaken users – some of whom operate in the health care and public service realms – as many functioning applications most likely run unprotected versions of Apache Struts 2.
Instituting new patches
Open-source developers have distributed custom patches to enterprise and private users alike. Cisco and other major software firms have also released fixes for the bug. However, most data security personnel recommend updating to the latest version of Apache Struts 2, which no longer contains the vulnerability.