Hackers targeting servers running Apache Struts application

1. Hackers targeting servers running Apache Struts application
2.  
3. Apache Struts is a popular open-source framework for developing Java-based Web applications that's maintained by the Apache Software Foundation.
4.  
5.  
6.  
7. Once hackers break into a Linux-based or Windows-based server using the Struts attack tool, they can execute pre-configured commands in order to extract information about the server's operating system, directory structure, active users, and network configuration.
8.  
9. The tool also allows attackers to plant a so-called Web shell that acts as a backdoor, giving them persistent access to the servers to execute other commands and use them as they see fit, Hayashi said.
10.  
11. Chinese hackers are using an automated tool to exploit known vulnerabilities in Apache Struts, in order to install backdoors on servers hosting applications developed with the framework.
12.  
13.  
14. A tool for exploiting known Struts vulnerabilities is available on Chinese hacker forums, Trend Micro researchers said
15.  
16.  
17.  
18. By Lucian Constantin
19. Romania Correspondent, IDG News Service | AUG 15, 2013
20. https://www.infoworld.com/article/2611848/hacking/hackers-targeting-servers-running-apache-struts-applications--researchers-say.html