A new vulnerability has been discovered in Apache Struts that could allow an attacker to upload a malformed file and take over an application after gaining remote code execution rights on a Struts-based application server. Up to 65% of Fortune 100 companies could be vulnerable if they don’t implement the newly released patch. Michael Patterson, CEO at Plixer commented below.
Michael Patterson, CEO at Plixer:
“This is a significant finding given that the majority or our largest companies are using Apache Struts. Although, a patch for the vulnerability has since been released, given that many companies don’t stay on top of patches, there still could be plenty of time for malicious code writers to exploit it. Most organizations are aware that there is absolutely no way to prevent being compromised. The best defense for a company is to be very difficult to penetrate and hope that bad actors move onto an easier target. Also, network traffic analytics using NetFlow, IPFIX and other forms of meta data can help unearth abnormal traffic patterns that are often generated by these contagions.”
The opinions expressed in this post belong to the individual contributors and do not necessarily reflect the views of Information Security Buzz.