Island: Remove Struts2 exploiter

monkey/monkey_island/cc/services/config_schema/basic.py

@@ -18,7 +18,6 @@ BASIC = {
                         "WmiExploiter",
                         "SSHExploiter",
                         "Log4ShellExploiter",
-                        "Struts2Exploiter",
                         "WebLogicExploiter",
                         "HadoopExploiter",
                         "MSSQLExploiter",

monkey/monkey_island/cc/services/config_schema/definitions/exploiter_classes.py

@@ -53,15 +53,6 @@ EXPLOITER_CLASSES = {
             "link": "https://www.guardicore.com/infectionmonkey/docs/reference"
             "/exploiters/sshexec/",
         },
-        {
-            "type": "string",
-            "enum": ["Struts2Exploiter"],
-            "title": "Struts2 Exploiter",
-            "safe": True,
-            "info": "Exploits struts2 java web framework. CVE-2017-5638. Logic based on "
-            "https://www.exploit-db.com/exploits/41570 .",
-            "link": "https://www.guardicore.com/infectionmonkey/docs/reference/exploiters/struts2/",
-        },
         {
             "type": "string",
             "enum": ["WebLogicExploiter"],

monkey/monkey_island/cc/services/reporting/aws_exporter.py

@@ -81,7 +81,6 @@ class AWSExporter(Exporter):
             "shared_passwords_domain": AWSExporter._handle_shared_passwords_domain_issue,
             "shared_admins_domain": AWSExporter._handle_shared_admins_domain_issue,
             "strong_users_on_crit": AWSExporter._handle_strong_users_on_crit_issue,
-            ExploiterDescriptorEnum.STRUTS2.value.class_name: AWSExporter._handle_struts2_issue,
             ExploiterDescriptorEnum.WEBLOGIC.value.class_name: AWSExporter._handle_weblogic_issue,
             ExploiterDescriptorEnum.HADOOP.value.class_name: AWSExporter._handle_hadoop_issue,
         }
@@ -387,24 +386,6 @@ class AWSExporter(Exporter):
             instance_id=issue["aws_instance_id"] if "aws_instance_id" in issue else None,
         )
 
-    @staticmethod
-    def _handle_struts2_issue(issue, instance_arn):
-
-        return AWSExporter._build_generic_finding(
-            severity=10,
-            title="Struts2 servers are vulnerable to remote code execution.",
-            description="Upgrade Struts2 to version 2.3.32 or 2.5.10.1 or any later versions.",
-            recommendation="Struts2 server at {machine} ({ip_address}) is vulnerable to "
-            "remote code execution attack."
-            "The attack was made possible because the server is using an old "
-            "version of Jakarta based file "
-            "upload Multipart parser.".format(
-                machine=issue["machine"], ip_address=issue["ip_address"]
-            ),
-            instance_arn=instance_arn,
-            instance_id=issue["aws_instance_id"] if "aws_instance_id" in issue else None,
-        )
-
     @staticmethod
     def _handle_weblogic_issue(issue, instance_arn):
 

monkey/monkey_island/cc/services/reporting/issue_processing/exploit_processing/exploiter_descriptor_enum.py

@@ -28,7 +28,6 @@ class ExploiterDescriptorEnum(Enum):
     SMB = ExploiterDescriptor("SmbExploiter", "SMB Exploiter", CredExploitProcessor)
     WMI = ExploiterDescriptor("WmiExploiter", "WMI Exploiter", CredExploitProcessor)
     SSH = ExploiterDescriptor("SSHExploiter", "SSH Exploiter", CredExploitProcessor)
-    STRUTS2 = ExploiterDescriptor("Struts2Exploiter", "Struts2 Exploiter", ExploitProcessor)
     WEBLOGIC = ExploiterDescriptor(
         "WebLogicExploiter", "Oracle WebLogic Exploiter", ExploitProcessor
     )

monkey/monkey_island/cc/ui/src/components/report-components/SecurityReport.js

@@ -20,7 +20,6 @@ import guardicoreLogoImage from '../../images/guardicore-logo.png'
 import {faExclamationTriangle} from '@fortawesome/free-solid-svg-icons';
 import '../../styles/App.css';
 import {smbPasswordReport, smbPthReport} from './security/issues/SmbIssue';
-import {struts2IssueOverview, struts2IssueReport} from './security/issues/Struts2Issue';
 import {webLogicIssueOverview, webLogicIssueReport} from './security/issues/WebLogicIssue';
 import {hadoopIssueOverview, hadoopIssueReport} from './security/issues/HadoopIssue';
 import {mssqlIssueOverview, mssqlIssueReport} from './security/issues/MssqlIssue';
@@ -78,11 +77,6 @@ class ReportPageComponent extends AuthComponent {
         },
         [this.issueContentTypes.TYPE]: this.issueTypes.DANGER
       },
-      'Struts2Exploiter': {
-        [this.issueContentTypes.OVERVIEW]: struts2IssueOverview,
-        [this.issueContentTypes.REPORT]: struts2IssueReport,
-        [this.issueContentTypes.TYPE]: this.issueTypes.DANGER
-      },
       'WebLogicExploiter': {
         [this.issueContentTypes.OVERVIEW]: webLogicIssueOverview,
         [this.issueContentTypes.REPORT]: webLogicIssueReport,

monkey/monkey_island/cc/ui/src/components/report-components/security/issues/Struts2Issue.js

@@ -1,26 +0,0 @@
-import React from 'react';
-import CollapsibleWellComponent from '../CollapsibleWell';
-
-export function struts2IssueOverview() {
-  return (<li>Struts2 servers are vulnerable to remote code execution. (<a
-                      href="https://cwiki.apache.org/confluence/display/WW/S2-045">
-                      CVE-2017-5638</a>)</li>)
-}
-
-export function struts2IssueReport(issue) {
-  return (
-      <>
-        Upgrade Struts2 to version 2.3.32 or 2.5.10.1 or any later versions.
-        <CollapsibleWellComponent>
-          Struts2 server at <span className="badge badge-primary">{issue.machine}</span> (<span
-          className="badge badge-info" style={{margin: '2px'}}>{issue.ip_address}</span>) is vulnerable to <span
-          className="badge badge-danger">remote code execution</span> attack.
-          <br/>
-          The attack was made possible because the server is using an old version of Jakarta based file upload
-          Multipart parser. For possible work-arounds and more info read <a
-          href="https://cwiki.apache.org/confluence/display/WW/S2-045"
-        >here</a>.
-        </CollapsibleWellComponent>
-      </>
-    );
-}