Intrusion PreventionApache.Struts.2.REST.Plugin.XStream.Handler.Code.Execution
Description
This indicates an attack attempt to exploit a Remote Code Execution vulnerability in Apache Struts.
The vulnerability is caused by an error when the REST plugin with XStream handler deserialises XML requests. A remote attacker may be able to exploit this to execute arbitrary code within the context of the application, via a crafted request.
Outbreak Alert
FortiGuard’s global sensor network report consistently high levels of attack attempts targeting vulnerabilities associated with Earth Lamia APT campaigns. According to Trend Research, the hacking group known as Earth Lamia has been actively targeting a range of sectors- including finance, government, IT, logistics, retail, and education- shifting its focus based on evolving objectives and time periods. The group is known for its high level of activity and primarily exploits known vulnerabilities in public-facing systems and web applications to gain access.
Affected Products
Apache Software Foundation Struts 2.5 to 2.5.12
Impact
System Compromise: Remote attackers can gain control of vulnerable systems.
Recommended Actions
Apply the latest update from the vendor
https://cwiki.apache.org/confluence/display/WW/S2-052
Coverage
| IPS (Regular DB) | |
| IPS (Extended DB) |
Version Updates
| ID | 44501 |
| Created | Sep 08, 2017 |
| Updated | May 02, 2022 |
| CVE ID | |
| Tags | Earth Lamia APT Attack |
| Risk |
|
| Known Exploited | Yes |
| Exploit Prediction Score | 94.32% |
| Default Action | drop |
| Active | |
| Affected OS | All |
| Affected App | Apache |
| Profile Type | Code Injection |