What is it? CVE-2017-9805 is a vulnerability in Apache Struts related to using the Struts REST plugin with XStream handler to handle XML payloads. If exploited, the vulnerability allows a remote unauthenticated attacker to run malicious code on the application server, facilitating use of the victim machine as a DDOS bot, spam bot or for another malicious purpose. We have confirmed reports that this vulnerability is in the wild and being exploited.
Customers hoping to protect themselves from this vulnerability can take the following actions:
Web Application Protector customers who have the Command Injection Threat Group set in DENY mode are already protected. Akamai recommends that Web Application Protector customers who do not have the Command Injection Threat Group set to DENY mode should move to DENY mode as soon as possible.
Managed Kona customers have been contacted by Akamai Professional Services proactively and individually and are being serviced.
For Kona Site Defender customers without “Managed Kona”, the new KRS Rule ID 3000065 is available for use in all ruleset versions. If you are a current Kona Site Defender customer, you do not have to upgrade your KRS rules -- instead you will need to:
- Edit your KSD configuration
- Enable Rule ID 3000065; and
- Activate your updated configuration
Akamai recommends moving to DENY as soon as possible to prevent exploitation of vulnerable servers.
If you have questions, enter them as comments below or contact your Akamai representative.