It is not yet clear why the Apache Struts vulnerability is being widely exploited 48 hours after a patch was released. One possible reason is that the Apache Struts maintainers did not sufficiently disclose the risk: although the team involved rated the vulnerability's severity as high, they also described it as a "possible remote code execution" hazard.
Public Attacks Exploiting the Apache Struts Vulnerability
According to Arnet, attackers are widely exploiting a newly patched vulnerability in Apache Struts that allows them to remotely execute malicious code on various web servers. The attacks and scans are aimed at Apache web servers and have ramped up dramatically since Monday, March 6. They began after the vulnerability in Apache Struts was patched and proof-of-concept exploit code was introduced into a Metasploit module.
“The second someone starts working on a Metasploit module,” Craig Williams, manager and senior leader of Cisco’s Talos Outreach team, said. He also noted that what followed was a rapid ramp-up in exploitation by a huge number of people, and that it is likely to continue to increase. With that, it is also possible to see people trying to scan for the vulnerability of the web developer.
How Risky Is This Situation?
Threatpost said that attacks on the vulnerability, CVE-2017-5638, are particularly risky to anyone running their Apache web servers as root. Williams said that, so far, it is unclear whether an attacker can be harmful or not. However, as with some earlier internet-wide bugs, there are surely a large number of scans happening.
If an attacker modifies a single line of the operating system, the target will still run, but with limited function. Unless one is specifically looking for it, it is easy not to see the malformed content type. Williams also said that the situation is very critical for a firm running an exposed Apache Struts server, especially if it is compromised. “The sky’s the limit,” Williams said, describing how risky this situation is.
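The malformed content type mentioned above is something a defender can look for in request logs. The following is an added example, not from the original article or from the Apache Struts project: it assumes an access log whose last quoted field is the request Content-Type header (for example Apache's `%{Content-Type}i`), and the sample log lines, the 256-character cap and all names are constructed for illustration.

```python
import re

# RFC 7231 media-type grammar: type "/" subtype *( ";" name "=" value )
TOKEN = r"[!#$%&'*+.^_`|~0-9A-Za-z-]+"
QUOTED = r'"(?:[^"\\]|\\.)*"'
MEDIA_TYPE = re.compile(
    rf"^{TOKEN}/{TOKEN}(?:\s*;\s*{TOKEN}=(?:{TOKEN}|{QUOTED}))*\s*$")
# Assumed log format: the last quoted field is the request Content-Type.
LAST_FIELD = re.compile(r'"((?:[^"\\]|\\.)*)"\s*$')
MAX_LEN = 256  # assumed cap; legitimate Content-Type values are short

def check_content_type(value):
    """Return None for an acceptable value, else the reason it is suspect."""
    if value == "-":  # header absent (Apache logs "-")
        return None
    if len(value) > MAX_LEN:
        return "too long"
    if not MEDIA_TYPE.match(value):
        return "not a valid media type"
    return None

def scan(lines):
    """Return (line number, client address, reason) for each suspect request."""
    findings = []
    for number, line in enumerate(lines, 1):
        field = LAST_FIELD.search(line)
        if field is None:
            continue  # line does not follow the assumed format
        value = field.group(1).replace('\\"', '"')  # undo log escaping
        reason = check_content_type(value)
        if reason:
            findings.append((number, line.split()[0], reason))
    return findings

# Constructed sample lines (documentation-range addresses, made-up paths).
SAMPLE_LOG = [
    '192.0.2.10 - - [07/Mar/2017:10:00:01 +0000] "POST /upload.action HTTP/1.1" 200 512 "multipart/form-data; boundary=----abc123"',
    '198.51.100.7 - - [07/Mar/2017:10:00:02 +0000] "GET /index.action HTTP/1.1" 200 1024 "-"',
    '203.0.113.5 - - [07/Mar/2017:10:00:03 +0000] "GET /index.action HTTP/1.1" 200 0 "multipart/form-data{constructed malformed value}"',
    r'192.0.2.11 - - [07/Mar/2017:10:00:04 +0000] "POST /login.action HTTP/1.1" 200 128 "application/x-www-form-urlencoded; charset=\"UTF-8\""',
    '203.0.113.9 - - [07/Mar/2017:10:00:05 +0000] "GET /index.action HTTP/1.1" 200 0 "text/plain; x=' + "A" * 300 + '"',
]

if __name__ == "__main__":
    for number, client, reason in scan(SAMPLE_LOG):
        print(f"line {number}: {client}: Content-Type {reason}")
```

A hit from this check is a lead for review rather than proof of compromise; the same grammar test can also be enforced at a reverse proxy so that non-conforming values never reach the application.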