Active exploitation of Struts vulnerability S2-052 CVE-2017-9805

Yesterday night (06 September 2017 UTC) we observed active exploitation of Struts vulnerability S2-052 CVE-2017-9805 (announced a day earlier). Here is the request we observed: The POST request to /struts2-rest-showcase/orders/3 allowed us initially to detect this attempt. The packet capture shows that this is a full exploit attempt for reconnaissance purposes: the payload is a … Continue reading Active exploitation of Struts vulnerability S2-052 CVE-2017-9805