New Features

Security Center - SC - Website Threat Inspector - A new vulnerability detection plug-in is released

On August 22, 2018, Apache Struts 2 revealed a remote code execution vulnerability No.S2-057. It now can be detected by Website Threat Inspector.
Content

Target users: All users of Apache Struts 2 web application framework and system. Features released: On August 22, 2018, the emergency response center of Alibaba Cloud Security detected an officially released Apache security update, which is a remote code execution vulnerability No.S2-057. The detection plug-in of Website Threat Inspector has been released and the vulnerability database has also been updated. Run a security check as soon as possible. You can join our DingTalk tech support group of Website Threat Inspector if you experience any problems: https://ddurl.to/moSVe. Vulnerability description: In the XML configuration, if the namespace value is defined using a wildcard ("/*") or if the upper package configuration does not have a namespace value, this configuration causes a web application remote code execution vulnerability. The following are two examples that are exposed to this vulnerability : <action name="a1"> <result type="redirectAction"> <param name="actionName">a2.action</param> </result> </action> and <action name="help" namespace="/*"> <result>/WEB-INF/help.jsp</result> </action>. Reference link: https://cwiki.apache.org/confluence/display/WW/S2-057 Vulnerability rating: High. Affected scope: Struts 2.3 - Struts 2.3.34, Struts 2.5 - Struts 2.5.16. For more details: https://help.aliyun.com/noticelist/articleid/24270415.html or contact us.

7th Gen ECS Is Now Available

Increase instance computing power by up to 40% and Fully equipped with TPM chips.
Powered by Third-generation Intel® Xeon® Scalable processors (Ice Lake).

  • Sales Support

    1 on 1 presale consultation

  • After-Sales Support

    24/7 Technical Support 6 Free Tickets per Quarter Faster Response

  • Alibaba Cloud offers highly flexible support services tailored to meet your exact needs.