SERVER-APACHE -- Snort has detected traffic exploiting vulnerabilities in Apache servers.
SERVER-APACHE Apache Struts remote code execution attempt
The Jakarta Multipart parser in Apache Struts 2 2.3.x before 2.3.32 and 2.5.x before 2.5.10.1 has incorrect exception handling and error-message generation during file-upload attempts, which allows remote attackers to execute arbitrary commands via a crafted Content-Type, Content-Disposition, or Content-Length HTTP header, as exploited in the wild in March 2017 with a Content-Type header containing a #cmd= string. Impact: CVSS base score 10.0 CVSS impact score 6.0 CVSS exploitability score 3.9 confidentialityImpact HIGH integrityImpact HIGH availabilityImpact HIGH Details: Ease of Attack:
This rule will trigger with any attempt to perform a command injection or code execution inside of Apache Struts
No public information
No known false positives
Talos research team. This document was generated from data supplied by the national vulnerability database, a product of the national institute of standards and technology. For more information see [nvd].
No rule groups
Command Injection
Command Injection attacks target applications that allow unsafe user-supplied input. Attackers transmit this input via forms, cookies, HTTP headers, etc. and exploit the applications permissions to execute system commands without injecting code.
CVE-2017-5638 |
Loading description
|
CVE-2017-9791 |
Loading description
|
CVE-2019-0230 |
Loading description
|
Tactic: Privilege Escalation
Technique: Access Token Manipulation
For reference, see the MITRE ATT&CK vulnerability types here: https://attack.mitre.org