Apache Struts 2.3.35 and 2.5.17 resolve Cryptojacking Exploit Vulnerability

Details of a severe vulnerability in Apache Struts were disclosed last week, and a proof of concept was published along with them. Since then, malicious attackers appear to have set out to exploit the vulnerability repeatedly to remotely install cryptocurrency mining software on users’ devices and steal cryptocurrency through the exploit. The vulnerability has been assigned the identifier CVE-2018-11776.

This behavior was first spotted by the security and data protection IT company Volexity, and since its discovery the rate of exploitation has been increasing rapidly, drawing attention to the critical severity of the Apache Struts vulnerability. The company released the following statement on the issue: “Volexity has observed at least one threat actor attempting to exploit CVE-2018-11776 en masse in order to install the CNRig cryptocurrency miner. The initial observed scanning originated from the Russian and French IP addresses and”

With web application platforms and services as high profile as Apache Struts, reacting immediately to discovered vulnerabilities and patching them sufficiently and effectively is of the essence. When the vulnerability was initially discovered last week, users who brought it forward with proofs of concept on many different platforms urged the administrators of their respective platforms, as well as the product’s vendor, to take immediate action to protect users’ data and services. Notable data theft incidents in the past were made possible by untimely patching and updating.

The Apache Software Foundation has asked users to update Struts to version 2.3.35 for the 2.3.x series and 2.5.17 for the 2.5.x series to mitigate the risks posed by this vulnerability. Both updates are available on the foundation’s website. The major internal changes made in both updates include the mitigation of a possible remote code execution that is exploitable due to no namespace, no wildcard, and no value URL issues. In addition, the updates are said to bring “critical overall proactive security improvements” as well.
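To act on the upgrade advice above, the following added example (not code from the article or from the Apache Struts project) inventories `struts2-core` jars under a deployment directory and compares each against the fixed releases named here. It assumes the standard Maven artifact naming `struts2-core-<version>.jar`; the function names and the sample paths are hypothetical.

```python
import re
from pathlib import Path

# Fixed releases named in the article, keyed by release series.
FIXED = {(2, 3): (2, 3, 35), (2, 5): (2, 5, 17)}
# Matches struts2-core-2.3.34.jar, struts2-core-2.3.16.3.jar,
# struts2-core-2.5.16-SNAPSHOT.jar (assumed Maven-style naming).
JAR_RE = re.compile(r"struts2-core-(\d+(?:\.\d+)+)[^/]*\.jar$")

def parse_version(jar_name):
    """Return the version as a tuple of ints, or None if not a Struts core jar."""
    match = JAR_RE.search(jar_name)
    if not match:
        return None
    return tuple(int(part) for part in match.group(1).split("."))

def classify(jar_name):
    """Return 'patched', 'update', 'review', or None for unrelated jars."""
    version = parse_version(jar_name)
    if version is None:
        return None
    fixed = FIXED.get(version[:2])
    if fixed is None:
        # The article names no fixed release for this series: check by hand.
        return "review"
    # Tuple comparison also handles four-part versions such as 2.3.16.3.
    return "patched" if version >= fixed else "update"

def scan(root):
    """Map every struts2-core jar found under root to its classification."""
    findings = {}
    for jar in Path(root).rglob("struts2-core-*.jar"):
        # Names that match the glob but carry no parsable version need review.
        findings[str(jar)] = classify(jar.name) or "review"
    return findings

if __name__ == "__main__":
    # Constructed sample jar names, not taken from any real system.
    for name in ("struts2-core-2.3.34.jar", "struts2-core-2.5.17.jar",
                 "struts2-core-2.1.8.jar"):
        print(f"{name}: {classify(name)}")
```

Jars bundled inside unexpanded WAR or EAR archives are not visible to a filesystem walk, so run `scan` against the expanded deployment directory.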

Aaron Michael
Aaron Micheal is an electrical engineer by profession and a hard-core gamer by passion. His exceptional experience with computer hardware and profound knowledge in gaming makes him a very competent writer. What makes him unique is his growing interest in the state of the art technologies that motivates him to learn, adopt, and integrate latest techniques into his work.
