Security News > 2023 > December > New Critical RCE Vulnerability Discovered in Apache Struts 2 - Patch Now
2023-12-12 05:23
Apache has released a security advisory warning of a critical security flaw in the Struts 2 open-source web application framework that could result in remote code execution. Tracked as CVE-2023-50164, the vulnerability is rooted in a flawed "file upload logic" that could enable unauthorized path traversal and could be exploited under the circumstances to upload a malicious file
News URL
https://thehackernews.com/2023/12/new-critical-rce-vulnerability.html
Related news
- Fortra Patches Critical RCE Vulnerability in FileCatalyst Transfer Tool (source)
- Ivanti Releases Urgent Fix for Critical Sentry RCE Vulnerability (source)
- Microsoft waited 6 months to patch actively exploited admin-to-kernel vulnerability (source)
- Microsoft March 2024 Patch Tuesday fixes 60 flaws, 18 RCE bugs (source)
- March 2024 Patch Tuesday: Microsoft fixes critical bugs in Windows Hyper-V (source)
- Fortinet warns of critical RCE bug in endpoint management software (source)
- Critical FortiClient EMS vulnerability fixed, (fake?) PoC for sale (CVE-2023-48788) (source)
- PoC exploit for critical Fortra FileCatalyst MFT vulnerability released (CVE-2024-25153) (source)
- Ivanti fixes RCE vulnerability reported by NATO cybersecurity researchers (CVE-2023-41724) (source)
- Exploit released for Fortinet RCE bug used in attacks, patch now (source)
Related Vulnerability
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2023-12-07 | CVE-2023-50164 | Files or Directories Accessible to External Parties vulnerability in Apache Struts An attacker can manipulate file upload params to enable paths traversal and under some circumstances this can lead to uploading a malicious file which can be used to perform Remote Code Execution. Users are recommended to upgrade to versions Struts 2.5.33 or Struts 6.3.0.2 or greater to fix this issue. | 9.8 |