That didn't take long: Last week, the Apache Foundation reported that a new serious vulnerability had been found in Struts. This week, proof-of-concept code for the flaw, including a Python script for easier code deployment, was found available on Github.
Unlike vulnerabilities that led to breaches like that at Equifax, this Struts vulnerability is the result of a specific configuration rather than a set of add-ins. While no exploit code had been found "in the wild" at the time of the original notice, the proof-of-concept code placed on Github is likely to shorten the interval until real exploitation is attempted by an attacker.
Meanwhile, Python code that probes for the vulnerabilities has been published to Github as well. A cursory examination of the Python script shows it is simple to check for the vulnerable configuration; the actual work is done in less than 20 lines of code.
Allan Liska, senior security architect at Recorded Future, says that exploiting the vulnerability now means that "a simple, well-crafted URL is enough to give an attacker access to a victim's Apache Struts installation. There is already exploit code on Github, and underground forums are talking about how to exploit it."
He warns that many large organizations may be unaware they are at risk, "because Struts underpins a number of different systems, including Oracle and Palo Alto."
All Apache Struts users have been urged to update to versions 2.3.35 or 2.5.17 as rapidly as possible to avoid exposure to a remote code execution attack exploiting the vulnerability.