In a pattern that has played out repeatedly over the past year or two, researchers in the past two days have reported a string of ongoing attacks that take control of Web servers by exploiting critical vulnerabilities in Apache software, Joomla, and other applications used to deliver content and programs online.
The vulnerabilities in both the Apache Struts framework and the Joomla content management system have been fixed recently, but attackers continue to exploit the flaws on servers that have yet to install the updates, according to research published in the past two days. The attacks can have severe consequences for the websites that use the older versions, since the exploits make it possible to execute malicious code that can pilfer confidential customer data, mount malware attacks on visitors, and install applications that give attackers persistent backdoor access to some of a server's most sensitive resources.
One recent avenue for gaining backdoor access is an automated tool that exploits recently patched versions of Struts, an Apache framework for developing Java applications. The hacking tool, which researchers discovered three days after Apache's July 16 security advisory was issued, takes away much of the difficulty of manually injecting commands needed to extract sensitive information from vulnerable servers.