Protection from Struts Remote Code Execution Vulnerability (S2-057)

On August 22, a new vulnerability (S2-057) was discovered in the Apache Struts framework that allows unauthenticated attackers to perform Remote Code Execution (RCE) on vulnerable hosts. This vulnerability is similar to previous Apache Struts vulnerabilities and can be mitigated by adjusting security rules. The exploit involves using Object-Graph Navigation Library (OGNL) expressions, which are often found in Apache Struts RCE payloads. The major difference between this vulnerability and others is the location where the payload can be supplied. Cloudflare has rules to protect against this particular vulnerability and many other Struts vulnerabilities, with no customer action required for Pro, Business, and Enterprise plan users. Since the disclosure, there has been a constant rate of attacks targeting S2-057 vulnerability, but most payloads are only probing rather than attempting to execute malicious actions.