CVE-2017-5638

Vulnerability Profile Updated a month ago
Download STIX
Preview STIX
CVE-2017-5638 is a significant vulnerability found in Apache Struts, a widely used open-source framework for developing Java web applications. This flaw in software design or implementation allowed attackers to remotely execute commands on the server running the vulnerable application, leading to potential data breaches. A notable instance of this vulnerability's exploitation was the Equifax Inc. data breach in 2017, where attackers were able to infiltrate the company's servers due to an unpatched Apache Struts vulnerability. Secureworks identified a group known as Gold Melody, linking them to five intrusions between July 2020 and July 2022. These attacks involved the exploitation of various vulnerabilities, including those affecting Oracle E-Business Suite (CVE-2016-0545), Apache Struts (CVE-2017-5638), Sitecore XP (CVE-2021-42237), and Flexera FlexNet (CVE-2021-4104). By exploiting these flaws, the attackers gained initial access to the targeted systems. The same set of vulnerabilities was observed across multiple Secureworks Incident Response (IR) engagements, indicating a consistent pattern in the attack methodology. In addition, other cybercriminal gangs have been observed exploiting known vulnerabilities in internet-exposed servers as initial access vectors. These include flaws in Oracle E-Business and WebLogic (CVE-2016-0545, CVE-2020-14882, and CVE-2020-14750), Sitecore (CVE-2021-42237), Apache Struts (CVE-2017-5638), Log4j (CVE-2021-4104), JBoss MQ Java Message Service (CVE-2017-7504), and Citrix ShareFile (CVE-2021-22941). Kaspersky also observed an attack chain that began with the exploitation of the old vulnerability in Apache Struts 2 (CVE-2017-5638), the same bug used in the Equifax data breach of 2017.
What's your take? (Question 1 of 5)
Help tune the shared Cybergeist dataset, assist your peers, and earn karma. Expand the panel to get started.
Possible Aliases / Cluster overlaps
It's hard to track cluster overlaps and naming conventions between vendors, so here are some possible overlapping names / profiles you also may want to look at.
IDVotesProfile Description
Miscellaneous Associations
Other elements of context that could aid in the identification of relevance
Vulnerability
Apache
Apache Struts
Log4j
Equifax
Struts
Kaspersky
Exploit
Associated Malware
To see the evidence that has resulted in this association, create a free account
IDTypeVotesProfile Description
No associations to display
Associated Threat Actors
To see the evidence that has resulted in this association, create a free account
IDTypeVotesProfile Description
No associations to display
Associated Vulnerabilities
To see the evidence that has resulted in this association, create a free account
IDTypeVotesProfile Description
Log4ShellUnspecified
2
Log4Shell is a critical software vulnerability (CVE-2021-44228, CVE-2021-45046, and CVE-2021-45105) in the logging feature of the Java programming language, known as Log4j. This flaw was publicly disclosed on December 9, 2021, impacting millions of devices and applications globally, including those
CVE-2021-42237Unspecified
1
CVE-2021-42237 is a software vulnerability discovered in Sitecore XP, a popular content management system. This flaw was one of several exploited by the cybercriminal group known as Gold Melody between July 2020 and July 2022. The group targeted internet-exposed servers, using these vulnerabilities
CVE-2016-0545Unspecified
1
CVE-2016-0545 is a software vulnerability that affects the Oracle E-Business Suite. It is a flaw in the software's design or implementation that potentially allows unauthorized access or manipulation of data. This vulnerability was one of several exploited by the group known as Gold Melody between J
CVE-2020-14750Unspecified
1
None
CVE-2020-14882Unspecified
1
None
CVE-2021-4104Unspecified
1
CVE-2021-4104 is a software vulnerability identified in Flexera's FlexNet. This flaw in the software design or implementation can be exploited by attackers to gain unauthorized access to systems running the affected software. The vulnerability was one of several security flaws used by Gold Melody, a
CVE-2017-7504Unspecified
1
CVE-2017-7504 is a significant software vulnerability identified in the JBoss MQ Java Message Service (JMS). This flaw, rooted in software design and implementation, allows for deserialization attacks when exploited on an internet-exposed server. The vulnerability has been abused by malicious actors
CVE-2021-22941Unspecified
1
CVE-2021-22941 is a significant software vulnerability identified in Citrix ShareFile, which allows for remote code execution (RCE). This flaw was exploited by the threat actor group known as GOLD MELODY, also referred to as PROPHET SPIDER. The group has been linked to various attacks exploiting sec
Source Document References
Information about the CVE-2017-5638 Vulnerability was read from the documents corpus below. This display is limited to 20 results, create a free account to see more
SourceCreatedAtTitle
DARKReading
6 months ago
Patch Now: Exploit Activity Mounts for Dangerous Apache Struts 2 Bug
CSO Online
a year ago
Top 10 open source software risks for 2023
CERT-EU
8 months ago
Equifax fined £11.1M for 'entirely preventable' mega breach
Securelist
6 months ago
Unveiling NKAbuse: a new multiplatform threat abusing the NKN protocol
CERT-EU
9 months ago
Cyber Group 'Gold Melody' Selling Compromised Access to Ransomware Attackers
CERT-EU
6 months ago
Understanding the Impact of the new Apache Struts File Upload Vulnerability
CERT-EU
9 months ago
GOLD MELODY: Profile of an Initial Access Broker
DARKReading
6 months ago
Complex 'NKAbuse' Malware Uses Blockchain to Hide on Linux, IoT Machines
DARKReading
9 months ago
'Gold Melody' Access Broker Plays on Unpatched Servers' Strings
CERT-EU
6 months ago
Critical Struts 2 flaw could result in remote code execution, says Apache
DARKReading
a year ago
AppSec Playbook 2023: Study of 829M Attacks on 1,400 Websites
CERT-EU
9 months ago
Gold Melody IAB exploits flaws in Oracle, Apache, Sitecore software to hack into corporate networks
CERT-EU
9 months ago
Gold Melody Attacking Organizations With Burp Extension, Mimikatz, and Other Tools
CERT-EU
9 months ago
Celebrity Vulnerabilities: Effective Response to Critical Production Threats
InfoSecurity-magazine
6 months ago
Apache Warns of Critical Vulnerability in Struts 2