Threat Level: green Handler on Duty: Didier Stevens

SANS ISC: YASRV (Yet Another Struts RCE Vulnerability) yes a different one from yesterday SANS ISC InfoSec Forums

Participate: Learn more about our honeypot network
https://isc.sans.edu/honeypot.html

Sign Up for Free!   Forgot Password?
Log In or Sign Up for Free!
YASRV (Yet Another Struts RCE Vulnerability) yes a different one from yesterday

Yesterday saw CVE-2017-9805, today we have a new remote code execution vulnerability in Apache Struts 2 which is CVE-2017-12611. Yesterdays was in the REST API and related to Java XML unsafe deserializarion. Todays relates to using Freemarker in your application. Both should encourage you to patch.

Current versions are Struts 2.3.34 and Struts 2.5.13.

Cheers,
Adrien de Beaupré, SANS Instructor and #SEC642 Co-author

I will be teaching next: Advanced Web App Penetration Testing, Ethical Hacking, and Exploitation Techniques - SANS Cyber Defence Asia Pacific 2021

 Adrien de Beaupre

353 Posts
ISC Handler
Sep 8th 2017
Thread locked Subscribe Sep 8th 2017
3 years ago

Sign Up for Free or Log In to start participating in the conversation!