Hello, welcome to the Friday, September 8th, 2017 edition of the Sansonet Stormers Stormcast. My name is Johannes Ulrich,

and the time recording from Jacksonville, Florida. Well, and sadly, it looks like struts vulnerabilities are not going away.

We do have a second vulnerability here in Apache struts. This vulnerability is also

a remote code execution vulnerability but it only affects fairly specific

expressions so if you're not using these particular constructs in your code then you

shouldn't have a problem.

Of course, there will be a problem that you now have to figure out whether or not you're

using these constructs in your code and that could make things a little bit more complicated.

But well, the short answer is patch and update to the yet latest and greatest version.

That would be struts 2512 and struts 2334, depending on if you're on the 2.5 or 2.3 branch.

At the same time, we are actually seeing exploit attempts against the earlier struts

vulnerability. So that definitely has taken off after the meta-sploid module was released.

The exploit attempts that we have seen so far appear to be triggered by that meta-sploid module.

So individual attempts, no big kind of warm at this point, but we all know that's coming

next and that's probably going to show up within the next few days.

Still, I'm seeing enough of these exploit attempts where I would say if you are running a somewhat

higher profile website, someone probably already tried this particular exploit against your

site.

So again, before you update or as you update, make sure that your site hasn't already been compromised.

I usually don't cover a lot of breaches here because there are just too many of them,

but we do have one that's quite significant that was made public today,

and it affects the U.S. Credit Bureau Equifax.

...