Get In Touch
March 2017 Archives
Akamai has created two new WAF rules in response to new information about the Apache Struts2 vulnerability. The first rule, the most recent version of KRS Rule 3000014, is a standard part of the Kona Ruleset and protects against the many common attacks leveraging this vulnerability. This rule is designed to allow organizations that have complex environments to continue operating without risk of the WAF rule interfering with their environments.
On Monday, March 6th, the Apache team patched a vulnerability in Apache Struts2 framework. Apache Struts is an open-source web application framework for developing Java web applications. The vulnerability exists in the Jakarta Multipart parser, which can be tricked into executing attacker-provided OGNL code. The impacted versions are 2.3.5 through 2.3.31, and 2.5 through 2.5.10 of the Apache Struts framework. If you are currently running an affected version of the
Summary On Monday, February 27, 2017, security researcher Omer Gil published a blog post laying out a data exfiltration method called a "Web Cache Deception Attack." The attack leverages web caching functionality to potentially expose sensitive information or allow for account takeover (ATO) attacks. Caching is often used to reduce load and time-to-delivery for a web server receiving requests for content, but this attack shows ways in which, given certain