On September 5, 2017, the Apache Struts project disclosed a critical-severity vulnerability, S2-052. Under certain conditions, attackers can exploit this vulnerability by remotely sending crafted malicious requests to gain access to business data and servers. This vulnerability therefore poses a high security risk.
See the following for more information about the vulnerability.
Struts2 REST plugin remote code execution vulnerability (S2-052)
When the Struts2 REST plugin uses the XStream handler to deserialize XML payloads without any filtering, remote code execution is possible. Attackers can exploit this vulnerability by crafting malicious XML content to gain access to data or servers.
Conditions and method of exploitation
The REST plugin is used in an affected version of Struts2:
- All versions of Struts 2.3.x
- Struts 2.5 to Struts 2.5.12
Check whether the REST plugin is used in your Struts application, and whether the Struts version in use is affected.
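The following script is an added example of that check, not tooling from the Apache Struts project or from Alibaba Cloud. It inspects the jar file names of a deployment (typically WEB-INF/lib), assuming the usual Maven naming struts2-core-<version>.jar and struts2-rest-plugin-<version>.jar, and flags the deployment only when the REST plugin is present and the core version falls in an affected range. The ranges are derived from this advisory: every 2.3.x release below the fixed 2.3.34, and 2.5.0 through 2.5.12. The sample jar lists are constructed for the example.

```python
"""Check a Struts 2 deployment for S2-052 exposure from its jar file names.

Constructed example for this advisory (not Apache Struts or Alibaba Cloud
tooling). Assumes Maven-style jar names and derives the affected ranges from
the advisory text: 2.3.x below 2.3.34, and 2.5.0 through 2.5.12.
"""
import os
import re
from typing import Iterable, Optional, Tuple

# Matches struts2-core-<ver>.jar and struts2-rest-plugin-<ver>.jar
JAR_RE = re.compile(r"^struts2-(core|rest-plugin)-(\d+)\.(\d+)\.(\d+)[^/]*\.jar$")


def parse_version(text: str) -> Optional[Tuple[int, int, int]]:
    """Parse 'major.minor.patch' from a version string such as '2.5.12'."""
    m = re.match(r"^(\d+)\.(\d+)\.(\d+)", text.strip())
    if not m:
        return None
    major, minor, patch = (int(part) for part in m.groups())
    return (major, minor, patch)


def is_affected_version(version: str) -> bool:
    """True if this Struts 2 version lies in a range affected by S2-052."""
    v = parse_version(version)
    if v is None:
        return False
    major, minor, patch = v
    if major != 2:
        return False
    if minor == 3:
        return patch < 34   # fixed in 2.3.34
    if minor == 5:
        return patch <= 12  # fixed in 2.5.13
    return False


def assess_jars(jar_names: Iterable[str]) -> dict:
    """Classify a deployment from its jar file names.

    Returns the detected core version, whether the REST plugin is present,
    and whether the combination is vulnerable (plugin present AND affected
    core version). A deployment without the REST plugin is not exposed.
    """
    core_version = None
    rest_plugin = False
    for name in jar_names:
        m = JAR_RE.match(os.path.basename(name))
        if not m:
            continue
        artifact, major, minor, patch = m.groups()
        if artifact == "core":
            core_version = f"{major}.{minor}.{patch}"
        elif artifact == "rest-plugin":
            rest_plugin = True
    vulnerable = (
        rest_plugin and core_version is not None and is_affected_version(core_version)
    )
    return {
        "struts_version": core_version,
        "rest_plugin": rest_plugin,
        "vulnerable": vulnerable,
    }


def assess_directory(lib_dir: str) -> dict:
    """Run assess_jars over the files of a WEB-INF/lib directory on disk."""
    return assess_jars(os.listdir(lib_dir))


# Constructed sample deployments: vulnerable, patched, and REST plugin absent.
SAMPLE_VULNERABLE = [
    "struts2-core-2.5.10.jar", "struts2-rest-plugin-2.5.10.jar", "xstream-1.4.8.jar",
]
SAMPLE_PATCHED = ["struts2-core-2.5.13.jar", "struts2-rest-plugin-2.5.13.jar"]
SAMPLE_NO_PLUGIN = ["struts2-core-2.3.20.jar", "struts2-json-plugin-2.3.20.jar"]

if __name__ == "__main__":
    for label, jars in [("vulnerable", SAMPLE_VULNERABLE),
                        ("patched", SAMPLE_PATCHED),
                        ("no REST plugin", SAMPLE_NO_PLUGIN)]:
        print(label, assess_jars(jars))
```

Run assess_directory("path/to/WEB-INF/lib") against a real deployment; jar names that carry a qualifier after the patch number (for example a vendor build suffix) are still matched, but a deployment that renames or shades the Struts jars needs a manifest-based check instead.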
How to fix or mitigate
The Apache Struts project has released fixed versions for this vulnerability. We recommend that you upgrade to Apache Struts 2.5.13 or Apache Struts 2.3.34.
Alibaba Cloud Security WAF has released a detection rule for this vulnerability. You can deploy WAF in front of your web applications to detect and block attacks that exploit it and reduce the security risk.