Update Protection against Apache Struts Security Bypass and Directory Traversal

Vulnerability
Protection

Check Point Reference:	CPAI-2008-240
Date Published:
Severity:
Source:	Secunia Advisory: SA32497
Protection Provided by:	IPS-1 IPS-1 IPS-1 NGX R65
Who is Vulnerable? Apache Software Foundation Struts Prior to 2.0.12
Vulnerability Description A directory traversal vulnerability has been reported in Apache Struts. Apache Struts is a Java-based web application development framework. This vulnerability allows an attacker to access normally-inaccessible files and directories through a specially-created HTTP request, leading to potential disclosure of sensitive information.

Vulnerability Details
The flaw is due to the way Apache Struts handles crafted URIs that contain directory traversal patterns. This allows attackers access outside legitimate folders and can lead to security restriction bypassing and sensitive information disclosure.

Protection Overview
By enabling this protection, IPS-1 will detect and block HTTP Requests involving the Struts web framework that contain double-encoded URLs.

To configure the defense, select your product from the list below and follow the related protection steps.

IPS-1 & IPS-1 NGX R65

How Can I Protect My Network?
1. In the IPS-1 Policy Manager, click on the Protection tab.
2. In the Protection tree, click Web Intelligence > WWW 2, and select the Apache Attacks protection group
3. Click Apache Struts FilterDispatcher and DefaultStaticContentLoader Classes Directory Traversal (IPS-1 NGX R65 only).
4. In the configuration pane, under Settings, check Active.
5. Click on Install Policy.

How Do I Know if My Network is Under Attack?
Upon attack, the following entries will be logged:

Alert Name: Attacks against Apache web servers
Description: Apache Struts FilterDispatcher and DefaultStaticContentLoader Classes Directory Traversal

Legal Notice for Threat Center Advisories