Hackers are exploiting critical Apache Struts flaw using public PoC
Hackers are attempting to leverage a recently fixed critical vulnerability in Apache Struts that leads to remote code execution, in attacks that rely on publicly available proof-of-concept exploit code.
Apache Struts is an open-source web application framework designed to streamline the development of Java EE web apps, offering a form-based interface and extensive integration capabilities.
On December 7, Apache released Struts versions 6.3.0.2 and 2.5.33 to address a critical severity vulnerability currently identified as CVE-2023-50164.
The RCE vulnerability affects Struts versions 2.0.0 through 2.3.37, Struts 2.5.0 through 2.5.32, and Struts 6.0.0 up to 6.3.0.
In a security advisory yesterday, Cisco says that it is investigating CVE-2023-50164 to determine which of its products with Apache Struts may be affected and to what extent.
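An added example, not from the original article or from Apache: a Python inventory check that walks a directory tree, finds the Struts core jar both loose and inside WAR/EAR archives, and classifies its version against the affected ranges and fixed releases stated above. It assumes the jar keeps its Maven artifact name `struts2-core-<version>.jar`; versions outside the stated ranges but below a fixed release (for example 6.3.0.1) are reported as `unlisted` rather than guessed.

```python
import re
import zipfile
from pathlib import Path

# Affected ranges and fixed releases as stated in the article (padded to 4 parts).
AFFECTED = [((2, 0, 0, 0), (2, 3, 37, 0)),
            ((2, 5, 0, 0), (2, 5, 32, 0)),
            ((6, 0, 0, 0), (6, 3, 0, 0))]
FIXED_2, FIXED_6 = (2, 5, 33, 0), (6, 3, 0, 2)
# Assumption: the core jar keeps its Maven artifact name, struts2-core-<version>.jar.
JAR_RE = re.compile(r"struts2-core-(\d+(?:\.\d+){1,3})\.jar$")


def parse_version(name):
    """Return a 4-part version tuple from a jar path, or None if it is not the core jar."""
    m = JAR_RE.search(name)
    if not m:
        return None
    parts = [int(p) for p in m.group(1).split(".")]
    return tuple(parts + [0] * (4 - len(parts)))


def classify(version):
    """Return 'affected', 'fixed', or 'unlisted' (not in a stated range, not a fixed release)."""
    if any(lo <= version <= hi for lo, hi in AFFECTED):
        return "affected"
    if version >= FIXED_6 or FIXED_2 <= version < (6, 0, 0, 0):
        return "fixed"
    return "unlisted"


def scan(root):
    """Walk root; check loose jars and jars bundled inside .war/.ear archives."""
    findings = []
    for path in sorted(p for p in Path(root).rglob("*") if p.is_file()):
        names = [path.name]
        if path.suffix.lower() in (".war", ".ear") and zipfile.is_zipfile(path):
            with zipfile.ZipFile(path) as zf:
                names = zf.namelist()  # entries such as WEB-INF/lib/<jar>
        for name in names:
            version = parse_version(name)
            if version is not None:
                findings.append((str(path), name, classify(version)))
    return findings
```

Call `scan()` on a deployment directory; each finding is a `(file, jar name, status)` tuple, and anything not `fixed` needs the upgrade or a manual review.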
Related news
- New critical Apache Struts flaw exploited to find vulnerable servers (source)
- Critical security hole in Apache Struts under exploit (source)
- Patch Alert: Critical Apache Struts Flaw Found, Exploitation Attempts Detected (source)
- Apache issues patches for critical Struts 2 RCE bug (source)
- Hackers target critical zero-day vulnerability in PTZ cameras (source)
- Hackers exploit critical bug in Array Networks SSL VPN products (source)
- PoC exploit for critical WhatsUp Gold RCE vulnerability released (CVE-2024-8785) (source)
- Hackers Exploiting Critical Fortinet EMS Vulnerability to Deploy Remote Access Tools (source)
Related Vulnerability
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2023-12-07 | CVE-2023-50164 | Unspecified vulnerability in Apache Struts. An attacker can manipulate file upload params to enable path traversal and, under some circumstances, this can lead to uploading a malicious file which can be used to perform Remote Code Execution. Users are recommended to upgrade to versions Struts 2.5.33 or Struts 6.3.0.2 or greater to fix this issue. | 9.8 |