bastillion-io / Bastillion-EC2

A web-based SSH console to execute commands and manage multiple EC2 instances simultaneously running on Amazon Web Services (AWS).

https://www.bastillion.io/features.html#ec2box

EC2box may be vulnerable to Struts2 attack

ciarancourtney opened this issue 7 years ago · comments

Ciaran Courtney commented 7 years ago

Anyone running EC2box publically may want to turn it off as a precaution. I've seen signatures in my ec2box logs contingent to this attack.

https://www.mysonicwall.com/sonicalert/searchresults.aspx?ev=article&id=1013

Sean Kavanagh commented 7 years ago

From https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5638

I have already updated to 2.5.10.1 on master 2d98906

I just need to put a release out. I'll try and do that tonight! Thanks @ciarancourtney!

Sean Kavanagh commented 7 years ago

Done - https://github.com/skavanagh/EC2Box/releases/tag/v0.30.03

Thanks again @ciarancourtney!