Apache Struts framework for Java easily hacked
Posted by: Timothy Weaver on 08/15/2013 03:12 PM
Users of the Apache Struts framework for Java are being urged to upgrade immediately to the current version, Struts 2.13.15.1, which was released in July.
Chinese hackers are using automated tools to exploit the flaws in servers still running older versions.
With a few simple clicks, attackers can determine the name of the current user account, display the version number of the OS, view network and system configuration information, list the contents of directories, and – particularly worryingly – add new user accounts.
The attack works on servers running either Windows or Linux, although the actual commands that can be executed will differ depending on the OS.