This post was originally published here by cliff turner.
Unless you’ve been avoiding the news lately, you’ve likely heard about a few major breaches and the Apache Struts vulnerabilities associated with them. Apache Struts 2 is an elegant, extensible framework for building enterprise-ready Java web applications. But unfortunately this year there have been multiple security bulletins for this framework.
After any major breach, organizations should immediately turn inward and examine whether they too are at risk.
As always, the best prevention is to patch your stuff, however the reality is that this can’t always be done immediately. In the case of a web application based on Apache Struts, you should consider a web application firewall in front of the application if you can’t update your Apache Struts framework.
So how do you know if you’re vulnerable?
To determine which of your websites are susceptible to the Apache Struts 2 vulnerabilities, you could run a network-based web scanner. However, many companies have problems keeping their scanners up-to-date and deploying them in cloud workloads. If you have a network scanner, you should verify it is up to date with the Apache Struts vulnerability and run it as soon as possible.
The CloudPassage Halo platform has multiple components that can be used to detect Apache Struts and its related vulnerabilities. Halo provides configuration checking, workload log analysis, and file integrity checking that can all be used to investigate and prevent these types of issues. By combining Halo’s file integrity module (FIM) and extensive API, we have built a report that can show you which of your servers contain the Apache Struts framework, the versions that are deployed and which ones are vulnerable to the security bugs listed below.
Additionally, since Halo keeps an inventory of all your servers, you may want to check Halo for any other vulnerabilities while you are investigating.
To learn more about how you can get these custom policies or reports deployed on your workloads, contact that CloudPassage customer success at email@example.com.