Symantec Cloud Workload Protection - Test Drive Application

Disclaimer: This is a test application deployed through Symantec Cloud Workload Protection CFT template. This is a test drive stack and demo application intended for test purpose only. Do not move, copy, modify or run this application on any of your other servers. Symantec is not responsible for any adverse effect of this application.


Update /etc/httpd/conf/httpd.conf


Apache Struts2 Vulnerability (cve2017-5638)

Apache Struts 2 is a popular open source framework to build web applications. Later, the web application can be deployed in web container like Apache Tomcat, Glassfish etc. The recent found vulnerability (CVE-2017-5638) allows the remote attacker to execute the operating system commands through the Struts based web application. To know more about the vulnerability, go through the links given below,

cve-2017-5638-new-vulnerability-in-apache-struts-2
attacks-heating-up-against-apache-struts-2-vulnerability
apache-struts2-CVE-2017-5638-Exploit

Launch Apache Struts2 Exploit,

In Server URL, replace IP-Address by Struts server's IP address which we want to hack. Get the TestStrutsServer's public IP Address from EC2 portal > instances on AWS portal.
In Command, enter any OS command which needs to be remotely executed on the Struts server. Then click the launch exploit.

Protect The Web Servers,

Create a Tomcat Policy Group in CWP and apply the policy group to the Struts server. Then onwards, CWP prevents every attack and generates an event to notify the user.


Launch Exploit (CVE-2016-5195), protected by CWP Unix OS Policy


Upload File to /var/www/html/uploads Folder





©Symantec Corporation 2016-2017