Apache Struts vulnerability exploit POC published

Security researchers have discovered proof-of-concept code of an Apache Struts vulnerability exploit, to include a Python script that makes it easier to exploit. 

The exploit code was published on GitHub just days after the Apache Software Foundation issued a security update on August 22 for a critical remote code execution (RCE) vulnerability (CVE-2018-11776) in Apache Struts 2. 

According to Recorded Future, this vulnerability could be more trivial and even easier to exploit than last year’s Apache Struts exploit (CVE-2017-5638) that was linked to the Equifax breach. The new exploit doesn’t require any additional plugins to successfully exploit.

Recorded Future also detected chatter in a number of Chinese and Russian underground forums regarding the exploitation of this vulnerability. 

Leave a Reply