Apache Struts - Remote Code Execution (CVE-2017-9791)

Apache Struts is affected by a Remote Code Execution vulnerability. Apache Struts 2.3.x with the Struts 1 plugin allows attackers to use existing Struts 1 Action and ActionForms in Struts 2 applications. This vulnerability is caused by the message presented to the user, which is processed by the "ActionMessage" routine and returned back to the user by the "message" function. Lacking proper validation before execution, the message processed by the server may potentially cause remote code execution. This allows a malicious unauthenticated attacker to execute arbitrary code on the server. The use of Object Graph Navigation Language (OGNL) makes it easy to execute arbitrary code remotely because Apache Struts uses it for most of its processes.

Sniper can gain unauthenticated Remote Code Execution on the target system and extract multiple artefacts as evidence.

The risk exists that a remote unauthenticated attacker can fully compromise the Apache Struts in order to steal confidential information, install ransomware or pivot to the internal network.

Upgrade Apache Struts to the latest version or to a version higher or equal than 2.4.

https://nvd.nist.gov/vuln/detail/CVE-2017-9791

https://cwiki.apache.org/confluence/display/WW/S2-048