A few days after Apache released a new version of the Struts application development framework to address a number of vulnerabilities, security researchers came across automated tools designed to exploit the security holes in question.
According to Trend Micro experts, the tools have been created by Chinese hackers and they target Struts vulnerabilities that can be exploited to run arbitrary commands on the impacted servers.
The hacking tools are capable of performing several tasks. They can be used to acquire information about the target, steal data, gain and maintain access to the targeted system, and even remove evidence of an attack.
The attacks observed by Trend Micro have been directed at Asian organizations.
Additional technical details regarding the attacks and the hacker tools are available on Trend Micro's blog.
If you haven’t updated your installation, download Apache Struts from Softpedia.