CVE-2017-5638: Apache Struts 2 Vulnerability


Apache Struts 2 is an open-source framework for developing Java web applications.
On March 6th, 2017, a vulnerability in Apache Struts 2, tracked as CVE-2017-5638, was made public. It allows an attacker to achieve remote code execution through a malicious Content-Type header.
The vulnerability can be exploited when the attacker sends a file-upload request to a vulnerable server that uses the Jakarta Multipart parser plugin to process the upload.
The attacker places malicious code (an OGNL expression) in the Content-Type header; the server evaluates that expression while building the error message for the malformed header, which executes the attacker's command on the vulnerable server.
The Jakarta Multipart parser in Apache Struts 2 2.3.x before 2.3.32 and 2.5.x before 2.5.10.1 mishandles file upload, which allows remote attackers to execute arbitrary commands via a #cmd= string in a crafted Content-Type header, as exploited in the wild in March 2017.

Solution
===========
Both Cisco and Apache researchers advised administrators to upgrade their systems to Apache Struts version 2.3.32 or 2.5.10.1.
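
Two checks a practitioner would want from the description above, as an added example (this is not code from the original post or from the Struts project): a version test against the affected ranges the advisory names, and a header inspector that flags a Content-Type value carrying OGNL expression delimiters (`%{`, `${`) or the `#cmd=` marker. The sample requests, host names and the placeholder expression in the second request are constructed for illustration; the expression is deliberately not a working exploit, it only shows where such a payload sits.

```python
import re

# Fixed releases named in the advisory, keyed by branch: 2.3.32 and 2.5.10.1.
FIXED_IN = {(2, 3): (2, 3, 32), (2, 5): (2, 5, 10, 1)}


def struts_version_vulnerable(version):
    """True if a Struts 2 version string falls in the affected ranges
    (2.3.x before 2.3.32, 2.5.x before 2.5.10.1)."""
    parts = tuple(int(p) for p in version.split("."))
    fixed = FIXED_IN.get(parts[:2])
    if fixed is None:
        return False  # branch not covered by this advisory; assess separately
    # Tuple comparison handles the four-part fix version: (2,5,10) < (2,5,10,1)
    return parts < fixed


# OGNL expression delimiters plus the '#cmd=' marker from the advisory text.
# A legitimate multipart Content-Type value never contains any of these.
OGNL_MARKERS = re.compile(r"%\{|\$\{|#cmd=")


def suspicious_content_type(raw_request):
    """Return the Content-Type header value if it carries OGNL markers, else None."""
    head = raw_request.split("\r\n\r\n", 1)[0]
    for line in head.split("\r\n")[1:]:  # skip the request line
        name, sep, value = line.partition(":")
        if sep and name.strip().lower() == "content-type":
            value = value.strip()
            return value if OGNL_MARKERS.search(value) else None
    return None


# Constructed sample requests (not captured traffic); host name is hypothetical.
BENIGN_REQUEST = (
    "POST /upload.action HTTP/1.1\r\n"
    "Host: struts.example.test\r\n"
    "Content-Type: multipart/form-data; boundary=----formboundary1234\r\n"
    "Content-Length: 0\r\n\r\n"
)
MALICIOUS_REQUEST = (
    "POST /upload.action HTTP/1.1\r\n"
    "Host: struts.example.test\r\n"
    # Placeholder expression only: shows the injection point, does nothing useful.
    "Content-Type: %{(#cmd='whoami')}.multipart/form-data\r\n"
    "Content-Length: 0\r\n\r\n"
)

if __name__ == "__main__":
    for v in ("2.3.31", "2.3.32", "2.5.10", "2.5.10.1"):
        print(v, "vulnerable" if struts_version_vulnerable(v) else "fixed")
    print("benign    ->", suspicious_content_type(BENIGN_REQUEST))
    print("malicious ->", suspicious_content_type(MALICIOUS_REQUEST))
```

The header check is a useful WAF or log-review signature, but it is not a substitute for the upgrade: the version check is what tells you whether the parser on a host is still the vulnerable one.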

How to fix Dirty Cow vulnerability – CVE-2016-5195

A serious vulnerability named Dirty COW was recently discovered in the Linux kernel. The bug has been present for nine years (since version 2.6.22 in 2007) and went unnoticed throughout that time. The researcher Phil Oester was the one who detected this serious threat.

According to him, the vulnerability is a race condition in the way the Linux kernel's memory subsystem handles the copy-on-write (COW) breakage of private read-only memory mappings. By winning the race, a local attacker gains write access to otherwise read-only memory mappings, which paves the way to escalating their privileges on the system. Continue reading…

DROWN ATTACK – SSLv2 Vulnerablity

In March 2016 security researchers disclosed a new SSL/TLS vulnerability, affecting OpenSSL among other implementations, called DROWN (Decrypting RSA with Obsolete and Weakened eNcryption). The attack targets servers that use the more secure TLS protocol but still also support the obsolete SSLv2. It allows an attacker to decrypt TLS-encrypted communication if the server offers SSLv2 cipher support, or if another server sharing the same RSA private key does.

DROWN was assigned CVE-2016-0800 and appears in the US-CERT bulletin SB16-067 for March 2016 (https://www.us-cert.gov/ncas/bulletins/SB16-067).

More than 11 million websites that use TLS were vulnerable to the DROWN attack. If your website is protected by TLS and your server directly or indirectly supports the older SSLv2, you are also vulnerable, and an attacker may exploit it to obtain sensitive information such as user names, passwords, financial credentials, important documents, etc. Continue reading…
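
The "directly or indirectly" condition is the part most scans miss, so here is an added example (not code from the original post or from the DROWN researchers) that walks an inventory of listeners and reports every one exposed either because it negotiates SSLv2 itself or because its RSA key is also served by a listener that does. The inventory, host names and key fingerprints are constructed and hypothetical; in practice you would fill them from your own scan results.

```python
from collections import defaultdict

# Constructed inventory (hypothetical hosts): listener, protocols it negotiates,
# and a fingerprint of the RSA key behind its certificate.
INVENTORY = [
    ("www.example.test:443",    {"TLSv1.2", "TLSv1.1"}, "rsa-key-A"),
    ("mail.example.test:465",   {"SSLv2", "TLSv1.0"},   "rsa-key-A"),  # same key as www
    ("api.example.test:443",    {"TLSv1.2"},            "rsa-key-B"),
    ("legacy.example.test:443", {"SSLv2", "SSLv3"},     "rsa-key-C"),
]


def drown_exposure(inventory):
    """Map each exposed listener to the reason it is exposed.

    Direct exposure:   the listener itself negotiates SSLv2.
    Indirect exposure: the listener is TLS-only, but its RSA key is also used by
                       another listener that negotiates SSLv2; that listener is
                       the SSLv2 oracle the attack needs to decrypt TLS sessions.
    """
    sslv2_listeners = defaultdict(list)  # key fingerprint -> SSLv2-speaking hosts
    for host, protocols, key in inventory:
        if "SSLv2" in protocols:
            sslv2_listeners[key].append(host)

    exposed = {}
    for host, protocols, key in inventory:
        if "SSLv2" in protocols:
            exposed[host] = "direct: listener accepts SSLv2"
        elif key in sslv2_listeners:
            exposed[host] = ("indirect: RSA key shared with SSLv2 listener(s) "
                             + ", ".join(sslv2_listeners[key]))
    return exposed


if __name__ == "__main__":
    for host, reason in drown_exposure(INVENTORY).items():
        print(f"{host:26} {reason}")
```

The remediation follows from the output: disabling SSLv2 on every listener that shares a key (here mail.example.test) fixes www.example.test as well, whereas hardening only the web server would leave it exposed. Note that checking a live host with `openssl s_client -ssl2` only works with an OpenSSL build that still has SSLv2 compiled in; newer releases have removed it.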

Configuring cPHulk via WHM & command line

Nowadays brute force attacks against servers and websites are frequent. A brute force attack is a password-guessing technique: the attacker tries every possible combination of characters, or every entry in a list of candidates, until one is accepted. An exhaustive brute force is guaranteed to find the key eventually, because it tries every possible combination and does not rely on a potentially incomplete dictionary or list of likely keys.

cPHulk Brute Force Protection is a protection feature built into WHM for preventing brute force attacks. cPHulk detects repeated failed logins and blocks the IP address they come from.

cPHulk is a brute force protection system developed by the cPanel team and is exclusive to cPanel/WHM control panels. It has been integrated with cPanel since version 11. With cPHulk, you can set a threshold for authentication attempts on services like POP3, cPanel, WHM, FTP, etc. After that number of failed attempts, the attacker is no longer able to authenticate from that address.

We can enable or disable cPHulk via WHM or the command line. Continue reading…
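
To make the threshold behaviour concrete, here is an added example (not cPHulk's own code, and not from the original post) of the per-IP failure counting and lockout that a tool of this kind performs, replayed over a few constructed authentication log lines. The log format, the hosts, and the defaults of 5 failures within 15 minutes followed by a 30-minute block are all assumptions chosen for illustration; cPHulk's real thresholds are whatever you configure in WHM.

```python
import re
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Constructed sample log lines (not real cPHulk output); the format is assumed.
SAMPLE_LOG = """\
2017-03-10 10:00:01 pop3 FAILED user=alice from=203.0.113.5
2017-03-10 10:00:02 pop3 FAILED user=alice from=203.0.113.5
2017-03-10 10:00:03 pop3 FAILED user=alice from=203.0.113.5
2017-03-10 10:00:04 pop3 FAILED user=alice from=203.0.113.5
2017-03-10 10:00:05 pop3 FAILED user=alice from=203.0.113.5
2017-03-10 10:00:06 pop3 FAILED user=alice from=203.0.113.5
2017-03-10 10:00:07 pop3 OK     user=alice from=203.0.113.5
2017-03-10 10:05:00 ftp  FAILED user=bob   from=198.51.100.7
2017-03-10 10:05:30 ftp  OK     user=bob   from=198.51.100.7
2017-03-10 10:45:00 pop3 OK     user=alice from=203.0.113.5
"""

LINE_RE = re.compile(r"^(\S+ \S+) (\S+)\s+(FAILED|OK)\s+user=(\S+)\s+from=(\S+)$")


def parse_line(line):
    """Return (timestamp, service, success, user, ip) or None for unparsable lines."""
    m = LINE_RE.match(line)
    if not m:
        return None
    ts = datetime.strptime(m.group(1), "%Y-%m-%d %H:%M:%S")
    return ts, m.group(2), m.group(3) == "OK", m.group(4), m.group(5)


class BruteForceGuard:
    """Simplified per-IP threshold/lockout model (assumed defaults, not cPHulk's)."""

    def __init__(self, max_failures=5, window=timedelta(minutes=15),
                 lockout=timedelta(minutes=30)):
        self.max_failures = max_failures
        self.window = window
        self.lockout = lockout
        self.failures = defaultdict(deque)  # ip -> timestamps of recent failures
        self.blocked_until = {}             # ip -> datetime the block expires

    def is_blocked(self, ip, ts):
        until = self.blocked_until.get(ip)
        return until is not None and ts < until

    def observe(self, ts, ip, success):
        """Record one attempt; return True if it may reach the service, False if blocked."""
        if self.is_blocked(ip, ts):
            return False                    # even a correct password is refused
        if success:
            self.failures[ip].clear()       # a real login resets the counter
            return True
        q = self.failures[ip]
        q.append(ts)
        while q and ts - q[0] > self.window:
            q.popleft()                     # forget failures outside the window
        if len(q) >= self.max_failures:
            self.blocked_until[ip] = ts + self.lockout
            q.clear()
        return True


def replay(log_text, guard=None):
    """Replay a log through the guard; return (allowed, blocked) counts per IP."""
    guard = guard or BruteForceGuard()
    allowed, blocked = defaultdict(int), defaultdict(int)
    for line in log_text.splitlines():
        parsed = parse_line(line)
        if parsed is None:
            continue
        ts, _service, ok, _user, ip = parsed
        if guard.observe(ts, ip, ok):
            allowed[ip] += 1
        else:
            blocked[ip] += 1
    return dict(allowed), dict(blocked)


if __name__ == "__main__":
    allowed, blocked = replay(SAMPLE_LOG)
    print("allowed:", allowed)
    print("blocked:", blocked)
```

The replay shows the trade-off every brute force protection carries: the fifth failure from 203.0.113.5 triggers the block, the sixth attempt and the correct password one second later are both refused, and the same address is only accepted again once the lockout has expired. That is exactly why cPHulk lets you whitelist your own management addresses, so an attacker spraying passwords at your account cannot lock you out of WHM.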