[CVSS 9+] Apache Struts Vulnerability: Update Now!

Summary

The Apache Struts project has recently fixed a critical Remote Code Execution (RCE) vulnerability, tracked as CVE-2023-50164. This vulnerability allows an unauthenticated attacker to exploit the framework’s file upload parameters, potentially leading to unauthorised path traversal and the ability to upload malicious files.

To mitigate the vulnerability, it is crucial for organisations to update Apache Struts promptly.

About the Vulnerability

CVE-2023-50164 lets an attacker manipulate file upload parameters in Apache Struts, which can enable path traversal and remote code execution. The NVD is still analysing the vulnerability, and we are awaiting the assignment of its CVSS base score. However, its critical nature is already recognised.

It has been fixed in Apache Struts versions 2.5.33 and 6.3.0.2. All users of the affected versions should upgrade promptly to prevent potential exploitation. Please refer to the Apache security bulletin for more information regarding this vulnerability.
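An added example, not part of the original advisory or Apache's own tooling: a Python inventory check that finds `struts2-core` jars on disk and inside WAR/EAR archives and flags versions older than the fixed releases named above. It assumes the version is readable from the `struts2-core-<version>.jar` file name and treats any 2.x release below 2.5.33 and any 6.x release below 6.3.0.2 as needing an upgrade; the function names and scan root are hypothetical.

```python
import re
import sys
import zipfile
from pathlib import Path

# Fixed releases named in the advisory, keyed by major version line.
FIXED = {2: (2, 5, 33), 6: (6, 3, 0, 2)}
# Assumption: the version can be read from the jar file name.
JAR_RE = re.compile(r"struts2-core-(\d+(?:\.\d+)+)[^/]*\.jar$")


def needs_upgrade(version):
    """True if older than the fixed release on its major line; None if the line is unknown."""
    v = tuple(int(p) for p in version.split("."))
    fixed = FIXED.get(v[0])
    if fixed is None:
        return None  # major line not mentioned in the advisory: check manually
    width = max(len(v), len(fixed))
    pad = lambda t: t + (0,) * (width - len(t))  # so 6.3.0 compares as 6.3.0.0
    return pad(v) < pad(fixed)


def find_struts(root):
    """Yield (location, version) for struts2-core jars on disk or inside WAR/EAR files."""
    for path in Path(root).rglob("*"):
        if not path.is_file():
            continue
        m = JAR_RE.search(path.name)
        if m:
            yield str(path), m.group(1)
        elif path.suffix.lower() in {".war", ".ear"} and zipfile.is_zipfile(path):
            with zipfile.ZipFile(path) as zf:
                for name in zf.namelist():
                    m = JAR_RE.search(name)
                    if m:
                        yield f"{path}!{name}", m.group(1)


def audit(root):
    """Return sorted (location, version, needs_upgrade) rows for everything under root."""
    rows = [(loc, ver, needs_upgrade(ver)) for loc, ver in find_struts(root)]
    return sorted(rows, key=lambda r: r[0])


if __name__ == "__main__":
    labels = {True: "UPGRADE", False: "ok", None: "check manually"}
    for loc, ver, flag in audit(sys.argv[1] if len(sys.argv) > 1 else "."):
        print(f"{labels[flag]:14} {ver:10} {loc}")
```

Run it against a deployment directory (for example an application server's webapps folder); shaded or renamed jars will not be detected by a file-name check.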

About Struts

Apache Struts is a widely-used, free, and open-source MVC framework for developing Java web applications. Over 2000 companies, especially large organisations, continue to utilise it, although its popularity has decreased in recent years.

Attackers often target vulnerabilities in Apache Struts 2, so it is crucial to address them promptly. Once again, all users of the affected versions should upgrade promptly to secure their applications and protect against potential exploits.

Cubic Lighthouse is a cybersecurity publication dedicated to demystifying security, making news actionable, providing deeper thinking about the fundamentals of security, and providing decision-makers and the community at large with the right information to make the right decisions. We will also feature more technical articles and provide personal/family security advice.

©2024 Cubic Consulting, a Smart Security Company for your Business – All Rights Reserved.