Struts CVEs 2017

Published by Matt Clemons on

Struts vulnerable ISOs.

https://pentesterlab.com/exercises/s2-045
https://struts.apache.org/docs/s2-045.html  –  CVE-2017-5638

https://pentesterlab.com/exercises/s2-052
https://struts.apache.org/docs/s2-052.html  –  CVE-2017-9805

Pentesterlab has over 20 free labs where you can learn some techniques used for some pretty big vulns that happened over the past few years.

Pro version is 20 bucks a month.

Good to see someone doing this again.  The old De-ICE ISOs were a ton of fun.

If you cannot upgrade, Struts2 vulnerabilities can be prevented with the commercial version of mod_security. https://ssl.trustwave.com/web-application-firewall

Categories: Security

0 Comments

Leave a Reply

Avatar placeholder

Your email address will not be published. Required fields are marked *

Related Posts

Security

Threathunting with Elasticsearch

All kinds of interesting information can be found using the Elasticsearch API. https://www.elastic.co/guide/en/elasticsearch/reference/current/search-search.html I find it easier than using Kibana, but Kibana was necessary to figure out the query language. Using the same queries, you Read more…

Hardware

Cisco router CA server

Easy way to create a CA server for testing purposes.

Linux

Cleared SAA-C02

I started with acloud.guru AWS Certified Solutions Architect Associate course. https://acloudguru.com/course/aws-certified-solutions-architect-associate-saa-c02 If you get the pro subscription, you get access to labs without having to create your own AWS accounts. I think it’s 50 bucks Read more…