LOS ANGELES, CA--(Marketwired - Mar 13, 2017) - Prevoty, the runtime application defense and intelligence company, announced today that its customers are automatically protected against popular remote code injection vulnerabilities such as the recent Struts 2 vulnerability (CVE-2017-5638) and will not need to take any further action to achieve full coverage.
A new zero-day vulnerability in the Apache Struts 2 framework was recently discovered; it allows attackers to perform remote code execution because of how the Jakarta Multipart parser handles exceptions. While the Apache Foundation only recently announced discovery of the new vulnerability on March 6, reports indicate it is already being exploited.
Prevoty's customers and the billions of users they serve, however, are automatically protected against vulnerabilities of this nature, such as CVE-2017-5638.
The Prevoty Runtime Application Self-Protection (RASP) solution blocks any exploit of CVE-2017-5638 in native or third-party applications right out of the gate. Prevoty protects against these and other OWASP Top 10 vulnerabilities, including XML entity injection, cross-site scripting, SQL injection, cross-site request forgery, and more -- but without the need for any configuration or learning.
"With Prevoty RASP, vulnerabilities like these are prevented right out of the box -- with no virtual patching, definition or signature updates required," explained Julien Bellanger, CEO and Co-Founder of Prevoty. "More of these attackers will be targeting this kind of vulnerability, and we operate with the unique belief that organizations should not have to wait for updates. Our real-time solution prevents attacks that target this specific Struts vulnerability."
Major enterprises in the financial services, banking, payments industry, eCommerce, media and more already rely on Prevoty for monitoring and protecting their production applications. Prevoty's unique approach protects organizations from attackers targeting vulnerabilities like CVE-2017-5638 without relying on a costly, risky and reactive patching process.
Attacks like these are likely to continue growing in frequency and severity as connected infrastructures and framework-based services continue to be adopted by organizations of all sizes.
"Traditional approaches and methodologies like a WAF and signatures/definitions won't be able to monitor and protect against sophisticated attacks targeting command injection vulnerabilities," said Kunal Anand, Prevoty CTO. "Organizations should look into more novel approaches including a runtime application security solution to evaluate and stop actual malicious execution before it happens."
Prevoty is dedicated to securing enterprises and the users they serve by automating defense and intelligence in all applications and services. These capabilities enable Global 2000 enterprises to dramatically improve remediation of vulnerabilities, enabling security and development teams to work together more effectively, even with agile release cycles. Prevoty was founded in 2013 and is headquartered in Los Angeles, California. For more information on the company's application security solutions, go to https://www.prevoty.com or follow @Prevoty on Twitter.