If you work in the IT security department of any large software development company, you were probably searching for Apache Struts in your environment this week.
And it’s all because of CVE-2017-5638:
Apache Struts is a free, open-source, Model-View-Controller (MVC) framework for creating elegant, modern Java web applications, which supports REST, AJAX, and JSON.
In a blog post published Monday, Cisco’s Threat intelligence firm Talos announced the team observed a number of active attacks against the zero-day vulnerability (CVE-2017-5638) in Apache Struts.
This is a good example that shows the usefulness of the Vulners.com service.
Here you can find: a description of the vulnerability from The Hacker News, a manual on how to use this vulnerability to gain server access from myhack58, and Nessus local Windows and remote CGI detection plugins.
These Nessus plugins should be available in the plugin set since 201703081845.
You can also search for the plugin with:
$ find /opt/nessus/lib/nessus/plugins -name "struts_2_5_10_1_rce.nasl"
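The same check as a script, which also tells you whether the feed is simply too old (an added example, not from the original post or from Tenable). It assumes the feed version is stored as a `PLUGIN_SET = "YYYYMMDDHHMM";` line in `plugin_feed_info.inc` inside the plugins directory; the function names and exit codes are made up for illustration.

```shell
#!/bin/sh
# Added example: can this Nessus scanner detect CVE-2017-5638 yet?
# Assumption: plugin_feed_info.inc in the plugins directory holds a line
# of the form PLUGIN_SET = "YYYYMMDDHHMM";
MIN_PLUGIN_SET=201703081845            # plugin set named in the post
PLUGIN_FILE=struts_2_5_10_1_rce.nasl   # plugin file named in the post

# Print the 12-digit PLUGIN_SET value from a feed info file, or nothing.
plugin_set_of() {
    sed -n 's/^PLUGIN_SET *= *"\([0-9]\{12\}\)";.*/\1/p' "$1" 2>/dev/null | head -n 1
}

# Exit codes: 0 ready, 1 feed too old, 2 plugin file missing, 3 unknown feed.
check_struts_plugin() {
    dir=${1:-/opt/nessus/lib/nessus/plugins}
    current=$(plugin_set_of "$dir/plugin_feed_info.inc")
    if [ -z "$current" ]; then
        echo "UNKNOWN: no PLUGIN_SET in $dir/plugin_feed_info.inc"
        return 3
    fi
    # Compare date and time halves separately so the 12-digit value never
    # has to fit into a 32-bit shell integer.
    cur_date=${current%????}; cur_time=${current#????????}
    min_date=${MIN_PLUGIN_SET%????}; min_time=${MIN_PLUGIN_SET#????????}
    if [ "$cur_date" -lt "$min_date" ] ||
       { [ "$cur_date" -eq "$min_date" ] && [ "$cur_time" -lt "$min_time" ]; }; then
        echo "OUTDATED: plugin set $current is older than $MIN_PLUGIN_SET, update the feed"
        return 1
    fi
    if ! find "$dir" -name "$PLUGIN_FILE" | grep -q .; then
        echo "MISSING: plugin set $current is recent enough but $PLUGIN_FILE is absent"
        return 2
    fi
    echo "READY: plugin set $current contains $PLUGIN_FILE"
}

# Run against a directory given on the command line, if any.
if [ "$#" -gt 0 ]; then
    check_struts_plugin "$1"
fi
```

Run it with the plugins directory as the only argument, for example `/opt/nessus/lib/nessus/plugins`; a non-zero exit code makes it easy to flag scanners whose feed needs updating before the Struts scan is scheduled.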
With a slightly different request, query=S2-045, you can also get the full code of the Struts2 S2-045 Remote Command Execution exploit from Packet Storm (it’s a pity that they don’t use CVE-2017-5638 in the description).
The easiest way to get updates on new objects related to this issue is to subscribe to them in Vulners. Vulners now supports HTML, PDF and JSON report types, which will be attached to the email.
HTML and PDF contain the same human-readable information. JSON may be useful if you want to write scripts that analyze email attachments and react to them, for example by creating JIRA tickets or starting vulnerability scan jobs.
To add a new search query subscription, enter the query and email:
If you press the black icon with the magnifying glass, you will see a preview of the email template based on your query:
Press the “Add” button and you will see the new subscription in your Subscriptions list:
So, a small life hack to stay up to date with the latest vulnerability news:
- Go to https://vulners.com/#subscriptions
- Subscribe to the security content you need
- Get emails as soon as new objects matching the query appear in the Vulners database