
Remote Code Execution Vulnerability in Struts 2 (S2-052)

Apache released a security bulletin (S2-052) addressing a security vulnerability (CVE-2017-9805) in Struts 2. The bulletin says that a remote code execution (RCE) attack is possible when using the Struts REST plugin with the XStream handler to deserialize XML requests. Attackers can take advantage of this vulnerability to perform operations such as adding or deleting user accounts, viewing, modifying or deleting files, inserting backdoors, etc.

Date Published: 2017-09-08

Recent Security Event


Remote Code Execution Vulnerability in Struts 2 (S2-048)

On the evening of July 7th, 2017, Apache released a security bulletin (S2-045) addressing a security vulnerability (CVE-2017-5638) in Struts 2. The bulletin says that the Showcase application in Struts 2 contains a remote code execution vulnerability, which attackers can use to perform operations such as adding user accounts, viewing, modifying or deleting files, etc.

  • Source: SANGFOR Security Center
  • Date Published: 2017-07-25

Petya Ransomware Attack

On the evening of June 27th, 2017, malicious ransomware known as Petya spread across the world. According to the foreign news outlet HackerNews, many organizations in Ukraine were attacked by Petya, including many banks (the national bank Oschadbank and many other private banks), the electric power company KyivEnergo, and the national postal system UkrPoshta.

  • Source: SANGFOR Security Center
  • Date Published: 2017-06-30

WannaCry Ransomware Worm Attacking Networks of Universities and Governments

On the evening of May 12th, the WannaCry ransomware worm broke out and attacked the networks of governments, schools, hospitals and other organizations globally. A great many domestic industries have been affected; the education sector was the most severely attacked, and many education systems crashed as a result.

  • Source: Sangfor Security Center
  • Date Published: 2017-05-14

Arbitrary File Upload Vulnerability In PHPCMS v9.6.0

A severe arbitrary file upload vulnerability has been discovered in PHPCMS v9.6.0. Attackers can abuse the upload feature to upload a webshell and take control of the servers of affected websites.

  • Source: Sangfor Security Center
  • Date Published: 2017-04-13

[Vulnerability Alert] Remote Code Execution Vulnerability in Struts 2 (S2-045)

On March 7th, 2017, Apache released a security bulletin (S2-045) addressing a security vulnerability (CVE-2017-5638) in Struts 2. The bulletin states that remote code execution can be triggered when performing file uploads based on the Jakarta Multipart parser, allowing operations such as adding user accounts, viewing, modifying or deleting files, etc.

  • Source: Sangfor Security Center
  • Date Published: 2017-03-09