
PAe - Security measures for the Apache Struts vulnerability. New CCN-CERT Threat Report.

16 March 2017

The National Government CERT advises updating Apache Struts immediately to version 2.3.32 or 2.5.10.1 and carrying out the series of measures contained in this report.

After issuing an early warning about the massive exploitation by various attackers of the critical vulnerability in Apache Struts, which has so far affected more than 35 million machines on the internet, CCN-CERT has produced a Threat Report (IA-09/17) that brings together the main actions to take. The report covers auditing a web server for the vulnerability, remedial action, what to do if the server has been attacked, and a number of security recommendations, and it urges that systems be updated as soon as possible.

The document explains how to determine whether a web server is affected by this vulnerability and, where it is, how to upgrade Apache Struts to version 2.3.32 or 2.5.10.1 and implement a series of measures in the firewall or in the development configuration of the affected application.

If a system has been the victim of an attack using this vulnerability, it is recommended to review a number of items (use of the root user, the list of users, the iptables configuration on the server, etc.). To prevent future attacks, CCN-CERT invites organisations to keep systems up to date, maintain backups, limit privileged users, and implement the security measures indicated in the various CCN-STIC Guides, in order to keep the security level of the systems as high as possible.
