Summary
The Apache Struts project has fixed a critical Remote Code Execution (RCE) vulnerability, tracked as CVE-2023-50164. The flaw allows an unauthenticated attacker to manipulate the framework’s file upload parameters, potentially leading to unauthorised path traversal and the ability to upload malicious files.
To mitigate the vulnerability, it is crucial for organisations to update Apache Struts promptly.
About the Vulnerability
The CVE-2023-50164 vulnerability in Apache Struts enables an attacker to manipulate file upload parameters, potentially enabling path traversal and remote code execution. Note that the NVD is still analysing the vulnerability and a CVSS base score has not yet been assigned; its critical nature is nonetheless already recognised.
It has been fixed in Apache Struts versions 2.5.33 and 6.3.0.2. All users of the affected versions should upgrade promptly to prevent potential exploitation. Please refer to the Apache security bulletin for more information regarding this vulnerability.
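As an added example (not code from the advisory or the Struts project), the following script checks deployed struts2-core jars against the two fixed versions named above, treating anything older on the same major branch as still needing the upgrade. The jar paths are a constructed sample, and the jar-name pattern is an assumption about how the library is typically deployed.

```python
import re

# Fixed versions named in the advisory, keyed by major branch.
# Anything older on the same branch is treated as affected.
FIXED_VERSIONS = {2: (2, 5, 33), 6: (6, 3, 0, 2)}

# Assumed naming convention for the Struts core jar, e.g. struts2-core-2.5.32.jar
JAR_RE = re.compile(r"struts2-core-(\d+(?:\.\d+)*)\.jar$")


def parse_version(text):
    """Turn '6.3.0.2' into (6, 3, 0, 2) so tuples compare numerically."""
    return tuple(int(part) for part in text.split("."))


def is_fixed(version):
    """True if the version already contains the fix, False if it is older
    on a known branch, None if the major branch is not covered here."""
    parsed = parse_version(version)
    fixed = FIXED_VERSIONS.get(parsed[0])
    if fixed is None:
        return None
    # Tuple comparison treats a shorter prefix as smaller, so (6, 3, 0) < (6, 3, 0, 2).
    return parsed >= fixed


def find_affected_jars(paths):
    """Return (path, version) for every struts2-core jar that still needs the fix."""
    affected = []
    for path in paths:
        match = JAR_RE.search(path)
        if match and is_fixed(match.group(1)) is False:
            affected.append((path, match.group(1)))
    return affected


# Constructed sample inventory, not a real deployment.
SAMPLE_PATHS = [
    "/opt/app1/WEB-INF/lib/struts2-core-2.5.32.jar",
    "/opt/app2/WEB-INF/lib/struts2-core-2.5.33.jar",
    "/opt/app3/WEB-INF/lib/struts2-core-6.3.0.jar",
    "/opt/app4/WEB-INF/lib/struts2-core-6.3.0.2.jar",
    "/opt/app5/WEB-INF/lib/commons-fileupload-1.5.jar",
]

if __name__ == "__main__":
    for path, version in find_affected_jars(SAMPLE_PATHS):
        print(f"needs upgrade: {path} (struts2-core {version})")
```

In practice, feed the function the output of a filesystem search for `struts2-core-*.jar` across application servers.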
About Struts
Apache Struts is a widely used, free, and open-source MVC framework for developing Java web applications. Over 2000 companies, especially large organisations, continue to use it, although its popularity has decreased in recent years.
Attackers frequently target vulnerabilities in Apache Struts 2, so it is crucial to address them promptly. Users of the affected versions should upgrade without delay to secure their applications and protect against potential exploits.