PoC Exploit Targets the Apache Struts Surfaces on GitHub

PoC Exploit

Recently, a freely available PoC code has been discovered by researchers on GitHud, which could be used to attack unpatched security holes in Apache Struts 2.

Proof-of-concept exploits code surfacing on GitHub raised the stakes on existing Apache Struts 2 bugs, which allow for code execution remotely and denial-of-service attacks on various vulnerable installations.

The CISA (Cybersecurity and Infrastructure Security Agency) issued an alert regarding these two bugs, tracked as CVE-2019-0230 and CVE-2019-0233.

Struts 2 is an open-source coding framework and library for all enterprise developers popular with companies and developers while creating Java-based applications. Both the exploitable vulnerabilities in question were actually fixed last November.

Source: Threatpost