10 High
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
NONE
Scope
CHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H
10 High
CVSS2
Access Vector
NETWORK
Access Complexity
LOW
Authentication
NONE
Confidentiality Impact
COMPLETE
Integrity Impact
COMPLETE
Availability Impact
COMPLETE
AV:N/AC:L/Au:N/C:C/I:C/A:C
0.975 High
EPSS
Percentile
100.0%
Author: janes(know Chong Yu 404 laboratory)
Date: 2017-03-15
Struts2 official to GMT 2017 3 December 6, 10pm published Struts2 there is a remote code execution vulnerability vulnerability number S2-045, CVE number: CVE-2017-5638, and rated as high-risk vulnerabilities. Because the vulnerability affects a wide range of(Struts 2.3.5 - Struts 2.3.31, Struts 2.5 - Struts 2.5.10, the vulnerability degree of harm is severe, you can directly access the application system of the server where the control limit, and 3 on 7 May in the morning on the Internet on the outflow of the vulnerability of the PoC and Exp,so, S2-045 vulnerability in the Internet on the impact of rapid expansion, by the Internet companies and the government attach great importance. From vulnerability announcement to now(3.6-3.15)has been more than a week, so take this opportunity to analyze S2-045 in the social media Twitter and on Sina Weibo heat distribution.
If you want to analyze Twitter and on Sina Weibo, S2-045 vulnerability of the heat distribution, then you need to get Twiiter and Facebook on the data, with the data speak. So they use“selenium+phantomjs”go crawling the data via Twitter and Sina Weibo web page to the search interface, respectively, search for the keyword“s2-045”and“CVE-2017-5638”, then the search results go to the weight and finishing, taking to Twitter and Facebook, the time display of the time zone inconsistencies, using the same crawl page timestamp and then converted to the local time of the way of a unified time zone issues, the crawling data in the time to 2017 year 3 month 14 days afternoon 18 when, the results as shown below.
Twitter! [](/Article/UploadPic/2017-3/2017316104811455. png)
Sina Weibo! [](/Article/UploadPic/2017-3/2017316104812512. png)
Statistics daily S2-045 vulnerability in the Twitter and on Sina Weibo, the number of occurrences, to obtain the following table, Twitter, the CCP appears 73 times, Sina Weibo, the CCP appears 45 times. On the dissemination of the amount of data, S2-045 vulnerability of the data amount is not large, this reflected from the side of the security vulnerabilities of the information and not by the majority of the people of concern, mainly in the security circle propagation.
Social media | 3 December 7 | 3 8 March | 3 April 9 | 3 October 10 | 3 11 March | 3 November 12 | 3 13 February | 3 March 14 |
---|---|---|---|---|---|---|---|---|
16 | 3 | 7 | 15 | 6 | 11 | 15 | 0 | |
Sina Weibo | 23 | 8 | 7 | 3 | 0 | 0 | 1 | 3 |
! [](/Article/UploadPic/2017-3/2017316104812815. png)
Using the above table of data, production of graphics, get as on the heat distribution from the figure it can be seen:
There may be several reasons could explain this phenomenon:
3 December 7, Sina Weibo and Twitter are data peak, then the 3 on 7, data, time period distribution mapping as follows, As can be seen, the morning 8 When before, Sina Weibo and Twitter, the amount of data is 0, 8 to 10 period rooms began to appear, it seems, and working hours more in line with the, The and the data the peak occurred mainly in the afternoon 14 to 18 between, perhaps this is because PoC and Exp on the Internet widely spread, caused the Internet began to be mass attack(reference HackerNews Struts2 vulnerability disclosure 24 hour) to.
! [](/Article/UploadPic/2017-3/2017316104812327. png)
Finally, look at Twitter and Sina Weibo on on S2-045 vulnerability in the first message what time and by whom issued, and the results are shown in the following table. Twitter and Sina microblogging issued the first message is not the same person, but the transmission time difference is not much, visible at home and abroad to exploit the perceptual capacity is relatively quite.
Ibid., the times are Beijing time, according to the unix time stamp conversion.
Social media | time | nickname | real identity |
---|---|---|---|
2017-03-07 09:29:00 | @amannk | ||
Sina Weibo | 2017-03-07 09:44:29 | gnaw0725 | nsfocus Brand Manager Wang Yang |
10 High
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
NONE
Scope
CHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H
10 High
CVSS2
Access Vector
NETWORK
Access Complexity
LOW
Authentication
NONE
Confidentiality Impact
COMPLETE
Integrity Impact
COMPLETE
Availability Impact
COMPLETE
AV:N/AC:L/Au:N/C:C/I:C/A:C
0.975 High
EPSS
Percentile
100.0%