
Hackers targeting servers running Apache Struts applications

by Nadeer on 2013-08-18 at 10:09:43


Hackers targeting servers running Apache Struts applications, researchers say 

A tool for exploiting known Struts vulnerabilities is available on Chinese hacker forums, Trend Micro researchers said.

Chinese hackers are using an automated tool to exploit known vulnerabilities in Apache Struts in order to install backdoors on servers hosting applications developed with the framework.

Apache Struts is a popular open-source framework for developing Java-based Web applications that's maintained by the Apache Software Foundation.
 
 
Several security updates were released for Struts this year, including last month, to address highly critical vulnerabilities that could enable remote attackers to execute arbitrary commands on Web servers running applications built with the framework.
 
Hackers have since taken notice and are now actively exploiting those flaws, according to researchers from security firm Trend Micro, who found a tool on Chinese underground forums that automates attacks against vulnerable Struts versions.
 
The tool exploits the following Struts vulnerabilities to compromise servers: S2-016 (CVE-2013-2251), which was patched in Struts 2.3.15.1 on July 16; S2-013 (CVE-2013-1966), patched in Struts 2.3.14.1 on May 22; S2-009 (CVE-2011-3923), patched in Struts 2.3.1.2 on Jan. 22, 2012; and S2-005 (CVE-2010-1870), patched in Struts 2.2.1 on Aug. 16, 2010.
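The fix versions listed above can be turned into a quick inventory check. The following is an added example, not code from the article or from Trend Micro: it reads the version out of `struts2-core` jar file names and reports which of the four advisories each deployment is still missing. It assumes every Struts 2 release below a fix version is exposed (the article gives no lower bounds), and the sample paths are constructed.

```python
import re

# Fix versions exactly as listed in the article: advisory, CVE, first fixed release.
FIXES = [
    ("S2-005", "CVE-2010-1870", "2.2.1"),
    ("S2-009", "CVE-2011-3923", "2.3.1.2"),
    ("S2-013", "CVE-2013-1966", "2.3.14.1"),
    ("S2-016", "CVE-2013-2251", "2.3.15.1"),
]

# The Struts 2 core library ships as struts2-core-<version>.jar.
JAR_RE = re.compile(r"struts2-core-(\d+(?:\.\d+)*)\.jar$")


def version_key(version):
    """Turn '2.3.14.1' into (2, 3, 14, 1), padded to four parts.

    Comparing integers avoids the string-comparison trap where
    '2.3.4.1' sorts after '2.3.14.1'.
    """
    parts = [int(p) for p in version.split(".")]
    return tuple(parts + [0] * (4 - len(parts)))


def unpatched_advisories(version):
    """Advisories from the article whose fix release is newer than `version`."""
    have = version_key(version)
    return [adv for adv, _cve, fixed in FIXES if have < version_key(fixed)]


def audit_jars(paths):
    """Map each struts2-core jar path to the advisories it is still missing."""
    report = {}
    for path in paths:
        match = JAR_RE.search(path)
        if match:
            report[path] = unpatched_advisories(match.group(1))
    return report


# Constructed sample paths, as they might appear under WEB-INF/lib.
SAMPLE_JARS = [
    "/srv/app1/WEB-INF/lib/struts2-core-2.3.14.jar",
    "/srv/app2/WEB-INF/lib/struts2-core-2.3.4.1.jar",
    "/srv/app3/WEB-INF/lib/struts2-core-2.3.15.1.jar",
    "/srv/app3/WEB-INF/lib/commons-io-2.0.1.jar",
]

if __name__ == "__main__":
    for jar, missing in audit_jars(SAMPLE_JARS).items():
        print(jar, "->", ", ".join(missing) or "all four fixes present")
```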
 
The existence of the attack tool was confirmed on July 19, three days after the most recent vulnerability was disclosed to the public, Noriaki Hayashi, a senior threat researcher at Trend Micro, said Wednesday in a blog post.
 
"We have observed attacks against Asian targets using this specific hacking tool, which indicates these Struts flaws are being actively exploited by potential threat actors in the wild," he said.
 
Once hackers break into a Linux-based or Windows-based server using the Struts attack tool, they can execute pre-configured commands in order to extract information about the server's operating system, directory structure, active users, and network configuration.
 
The tool also allows attackers to plant a so-called Web shell that acts as a backdoor, giving them persistent access to the servers to execute other commands and use them as they see fit, Hayashi said.
 
The Web shell installed by the tool is called JspWebShell and is coded using JavaServer Pages.
 
Web shells with more powerful capabilities are easily available on hacker forums and they allow attackers to search for and steal information from compromised servers, the researcher said.
 
Struts 2.3.15.1, which is currently the most secure version of the framework, removed several vulnerable features like the "redirect:" and "redirectAction:" prefixes of the DefaultActionMapper class. The Struts developers warned that upgrading to this version might break some applications that rely on those features and recommended replacing the retired prefixes with fixed navigation rules.
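Because the retired prefixes appear as request parameter names, access logs can show both probing and any legitimate pages that still depend on them before an upgrade. The following is an added example, not code from the article or the Struts project: it scans common/combined-format access log lines for parameters named with the `redirect:` or `redirectAction:` prefix. The log lines, addresses and paths are constructed, and the parameter values are placeholders.

```python
import re
from urllib.parse import parse_qsl

# Prefixes the article says Struts 2.3.15.1 removed from DefaultActionMapper.
RETIRED_PREFIXES = ("redirect:", "redirectAction:")

# Request line inside a common/combined-format access log entry.
REQUEST_RE = re.compile(r'"(?P<method>[A-Z]+) (?P<target>\S+) HTTP/[\d.]+"')


def scan_access_log(lines):
    """Return (client, path, parameter_names) for requests using a retired prefix."""
    hits = []
    for line in lines:
        match = REQUEST_RE.search(line)
        if not match:
            continue  # malformed or empty request line
        path, _, query = match.group("target").partition("?")
        # parse_qsl percent-decodes names, so "redirect%3A..." is caught too;
        # keep_blank_values keeps parameters that carry no "=value" part.
        names = [name for name, _value in parse_qsl(query, keep_blank_values=True)
                 if name.startswith(RETIRED_PREFIXES)]
        if names:
            client = line.split(" ", 1)[0]
            hits.append((client, path, names))
    return hits


# Constructed sample log lines (documentation addresses, placeholder values).
SAMPLE_LOG = [
    '203.0.113.7 - - [19/Jul/2013:10:02:11 +0000] '
    '"GET /shop/index.action?redirect:PLACEHOLDER HTTP/1.1" 200 512',
    '203.0.113.7 - - [19/Jul/2013:10:02:12 +0000] '
    '"GET /shop/index.action?redirectAction%3APLACEHOLDER HTTP/1.1" 200 512',
    '198.51.100.4 - - [19/Jul/2013:10:03:40 +0000] '
    '"GET /shop/list.action?page=2&redirect=home HTTP/1.1" 200 2048',
    '198.51.100.9 - - [19/Jul/2013:10:04:02 +0000] "-" 400 0',
]

if __name__ == "__main__":
    for client, path, names in scan_access_log(SAMPLE_LOG):
        print(client, path, names)
```

Access logs record only the request line, so parameters sent in a POST body need request-body logging at a proxy or in the application to be seen.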
 
Upgrading to the latest version is strongly recommended, Hayashi said. "The potential risks from a successful attack outweigh the inconvenience of modifying any deployed apps."

