Security News > 2023 > December > Attackers are trying to exploit Apache Struts vulnerability (CVE-2023-50164)
Attackers are trying to leverage public proof-of-exploit exploit code for CVE-2023-50164, the recently patched path traversal vulnerability in Apache Struts 2.
"Attackers aim to deploy webshells, with some cases targeting the parameter 'fileFileName' - a deviation from the original exploit PoC," Akamai's Security Intelligence Group flagged on Wednesday.
CVE-2023-50164, reported by Steven Seeley of Source Incite, enables path traversal by manipulating of file upload parameters and, in some cases, may allow attackers to upload malicious files that can be used to achieve remote code execution.
It has been fixed in Apache Struts versions 2.5.33 and 6.3.0.2, and Struts 2 developers and users have been urged to upgrade as soon as possible - there are no workarounds.
An analysis and reproduction of the bug has been published on December 12 and the author noted that "This vulnerability requires different POCs to be produced according to different scenarios, because if strict interception and inspection are carried out at the file upload point, it will be difficult to bypass."
A PoC exploit script has been released on December 13 by vulnerability researcher Ákos Jakab, but it works only when the target app is deployed to Apache Tomcat.
News URL
https://www.helpnetsecurity.com/2023/12/14/poc-exploit-cve-2023-50164/
Related news
- Critical security hole in Apache Struts under exploit (source)
- New critical Apache Struts flaw exploited to find vulnerable servers (source)
- Patch Alert: Critical Apache Struts Flaw Found, Exploitation Attempts Detected (source)
- PoC exploit for critical WhatsUp Gold RCE vulnerability released (CVE-2024-8785) (source)
- Apache issues patches for critical Struts 2 RCE bug (source)
Related Vulnerability
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2023-12-07 | CVE-2023-50164 | Unspecified vulnerability in Apache Struts An attacker can manipulate file upload params to enable paths traversal and under some circumstances this can lead to uploading a malicious file which can be used to perform Remote Code Execution. Users are recommended to upgrade to versions Struts 2.5.33 or Struts 6.3.0.2 or greater to fix this issue. | 9.8 |