Security researchers have discovered proof-of-concept exploit code for an Apache Struts vulnerability, including a Python script that makes the vulnerability easier to exploit.
The exploit code was published on GitHub just days after the Apache Software Foundation issued a security update on August 22 for a critical remote code execution (RCE) vulnerability (CVE-2018-11776) in Apache Struts 2.
According to Recorded Future, this vulnerability could be even easier to exploit than last year’s Apache Struts vulnerability (CVE-2017-5638), which was linked to the Equifax breach. The new exploit doesn’t require any additional plugins to succeed.
Recorded Future also detected chatter in a number of Chinese and Russian underground forums regarding the exploitation of this vulnerability.