Waratek makes virtual patch available for new Struts 2 vulnerability CVE-2017-5638

By News | March 9, 2017

Newly discovered Struts 2 flaw has existed for more than four years

DUBLIN and ATLANTA – March 9th, 2017 – Waratek, the virtualization-based application security company, is offering a Virtual Patch for customers to address a new high severity vulnerability announced this week that exposes organizations using the Struts 2 framework to any general code injection attack. The Waratek solution fully remediates this vulnerability with a virtual patch that can be live-updated without taking affected applications out of production.

“Struts 2 users need to take immediate action. Applying the binary patch offered by Apache requires some application downtime,” noted John Matthew Holt, Waratek’s Founder and CTO. “For users who have made custom changes on Struts source code, it could take days or weeks to upgrade. A virtual patch can be applied immediately while the application continues to run – with no code changes and without restarting the application.”

The Apache Foundation announced the new vulnerability – CVE-2017-5638 – on Monday, March 6th, and the first attacks exploiting it have already been reported. First introduced in Struts 2.3.5, released in October 2012, the vulnerability has been exposed to zero-day exploitation for more than four years.

Even prior to the announcement of the vulnerability, Waratek’s core functionality protected against proof-of-concept (PoC) exploits of CVE-2017-5638 that perform remote command execution. The new virtual patch is a specific one-line security rule that fully remediates this vulnerability and was developed in less than one day after the vulnerability was announced.

“This is a critical vulnerability because the attack can be achieved without authentication, and web applications don’t necessarily need to successfully upload a malicious file to exploit this vulnerability,” advises Holt. “Just the presence of the vulnerable Struts library within an application is enough to exploit the vulnerability.”

Struts is an open source framework from the Apache Foundation used for web application development. Struts users include large-scale Internet companies, government, financial institutions and other enterprises around the world.

About Waratek

Waratek is a pioneer in the next generation of application security solutions. Based on patented virtualization technology, Waratek’s Application Security Platform is highly accurate, easy to install, simple to operate and does not slow application performance – while providing protection against known and unknown vulnerabilities in current and legacy software in ways competitors cannot.

Waratek has received the 2017 Cyber Defense Magazine INFOSEC Leader Award for Application Security, was named 2016’s Best Application Security Solution by Government Security News and is the winner of the 2015 RSA Innovation Sandbox Award. JavaWorld notes that “Waratek is the only vendor that can boast of a large-scale production deployment with a Tier 1 global investment bank, the most significant deployment of (runtime protection) that exists for Java technology today.”

Waratek is based in Atlanta, Georgia and Dublin, Ireland. For more information visit www.waratek.com.