meta_pixel
Tapesearch Logo
Log in
SANS Internet Stormcenter Daily Cyber Security Podcast (Stormcast)

ISC StormCast for Thursday, August 23rd 2018

SANS Internet Stormcenter Daily Cyber Security Podcast (Stormcast)

SANS ISC Handlers

Tech News, News, Technology

4.9696 Ratings

🗓️ 22 August 2018

⏱️ 5 minutes

🔗️ Recording | iTunes | RSS

🧾️ Download transcript

Summary

Daily 5 min cyber security news summary. News, patches, vulnerabilities and trends in information and network security. New Critical Apache Struts Vulnerability; Ghostscript Vuln; Photoshop CC Vuln

Transcript

Click on a timestamp to play from that location

0:00.0

Hello, welcome to the Thursday, August 23rd, 2018 edition of the Sandsenet Storm Center's Stormcast. My name is Johannes Ulrich, and the day I'm recording from Stockheim, Germany.

0:13.0

Never a good day if you have a new vulnerability in struts that can lead to remote code execution. This vulnerability CVE 2018 11776 was found by

0:27.2

SAML security research. They also have found a couple of the earlier vulnerabilities that, for example,

0:35.1

led to some of these large breaches like for example Equifax.

0:40.3

Now what helps a little bit here is that not everybody running struts is necessarily

0:45.3

vulnerable. You have to have the always select full namespace flag set to true. This isn't

0:52.3

done usually but if you have the convention plugin install

0:57.0

for struts, then this is likely the case for your application. Secondly, your application

1:02.9

needs to use an action that is configured without specifying a namespace according to a

1:08.2

SAML. Wildcard namespaces aren't going to solve the problem, so you will still be vulnerable in this case.

1:14.6

Now, this typically for any actions that you specify in your Struts configuration file,

1:20.6

and if you're using the Struts Convention plugin, then this could also happen for namespaces specified in the Java code.

1:29.0

Okay, so this sounds quite abstract.

1:31.7

Let me give you a more specific example from the Samuel Advisory, and that's a redirect action.

1:38.5

You configure a redirect where a user is being sent to a different URL within your struts application.

1:45.7

Well, in this case, you are vulnerable, again, if you're using the struts convention plugin.

1:51.5

The next thing you're probably going to ask is, is there proof of concept exploit out there?

1:55.8

And yes, there is.

1:57.3

I've seen proof of concept exploit, for example, on Reddit and such. It's very simple,

2:03.3

actually, in particular, for the redirect exploit. All you need to do is include the command that you

2:09.5

would like to execute as part of the URL. So what should you do? Well, if you have no idea if you are using the strats conventions or if it's configured in a vulnerable way, I would recommend update.

2:26.3

It probably will take you too long to figure out how all of your applications are configured and if they're vulnerable by then you're already

...

Please login to see the full transcript.

Previous episode | Next episode

Disclaimer: The podcast and artwork embedded on this page are from SANS ISC Handlers, and are the property of its owner and not affiliated with or endorsed by Tapesearch.

Generated transcripts are the property of SANS ISC Handlers and are distributed freely under the Fair Use doctrine. Transcripts generated by Tapesearch are not guaranteed to be accurate.

Copyright © Tapesearch 2025.