Apache Struts — Remote Code Execution — CVE-2017–5638
back to BLOG

Apache Struts — Remote Code Execution — CVE-2017–5638

Chris Wallis

On March 7th a critical vulnerability was announced in the Apache Struts framework, a popular web development toolkit that is commonly used in internet-facing systems.

The vulnerability (tracked as CVE-2017–5638) was particularly nasty as it did not require the developer to have used any particular functionality in the framework. In many cases the vulnerable component may have been installed and have been just sitting there redundant, not in use but exposing a critical weakness to the internet.

Example attack code has already been shared online, and reports were not far behind of this vulnerability being actively exploited in the wild.

While there are plenty of other articles discussing the technical details of the flaw, the immediate questions for most businesses are simple.

  1. Do you have the capability to check your systems for this weakness?
  2. Have you already checked for this flaw across your internet-facing estate, and kicked off urgent remediation activity where it is detected?

Intruder was founded on the principle that rapid responses to such emerging threats will become more and more necessary and more and more important over time. Therefore, as part of our “Intruder Pro” service offering, we have already scanned all of our customer’s systems, and either notified them of their weaknesses or notified them of their continued security.

These emerging threats can seriously impact your security, and we are glad to have been able to help our customers already. But for anyone else out there who’s still unsure, there’s always our free trial. ;)

Get Our Free "Ultimate Guide to Vulnerability Scanning"
Learn everything you need to get started with vulnerability scanning and how to get the most out of your chosen product with our free PDF guide.

Written by

Chris Wallis

Recommended articles

Ready to get started with your 30-day trial?

try for free