
Attackers are trying to exploit Apache Struts vulnerability (CVE-2023-50164)
2023-12-14 10:21

Attackers are trying to leverage public proof-of-concept (PoC) exploit code for CVE-2023-50164, the recently patched path traversal vulnerability in Apache Struts 2.

"Attackers aim to deploy webshells, with some cases targeting the parameter 'fileFileName' - a deviation from the original exploit PoC," Akamai's Security Intelligence Group flagged on Wednesday.

CVE-2023-50164, reported by Steven Seeley of Source Incite, enables path traversal through manipulation of file upload parameters and, in some cases, may allow attackers to upload malicious files that can be used to achieve remote code execution.

It has been fixed in Apache Struts versions 2.5.33 and 6.3.0.2, and Struts 2 developers and users have been urged to upgrade as soon as possible - there are no workarounds.

An analysis and reproduction of the bug was published on December 12, and its author noted that "This vulnerability requires different POCs to be produced according to different scenarios, because if strict interception and inspection are carried out at the file upload point, it will be difficult to bypass."

A PoC exploit script was released on December 13 by vulnerability researcher Ákos Jakab, but it works only when the target application is deployed on Apache Tomcat.
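The mechanism described above, a client-supplied upload file name being used to write outside the intended directory, together with the parameter name Akamai observed (fileFileName), lends itself to two defensive checks: a file-name validation that keeps stored uploads under the upload root, and a scan of access logs for upload-name parameters carrying traversal sequences. The following is an added example written for this page; it is not code from Apache Struts, Akamai or the researchers named here. The upload root, the "parameter name ends in FileName" heuristic and the log lines are constructed assumptions.

```python
"""Defensive checks for the file-upload path traversal pattern described above.

Added example for this page; not code from Apache Struts, Akamai or the
researchers named in the article. The upload root, the parameter-name
heuristic and the access-log lines are constructed assumptions.
"""
import os
import re
from typing import List, Optional, Tuple
from urllib.parse import parse_qs, unquote, urlparse

UPLOAD_ROOT = "/var/app/uploads"  # assumed upload directory of a sample application

# Traversal sequences, raw or percent-encoded, for either separator style.
TRAVERSAL = re.compile(r"\.\.(/|\\|%2f|%5c)", re.IGNORECASE)


def safe_upload_path(root: str, client_filename: str) -> Optional[str]:
    """Return the path at which an upload may be stored, or None to reject it.

    The client-supplied name is treated as a bare file name: after one round
    of percent-decoding, any separator, NUL byte or dot-only name is rejected,
    and the joined path is still checked to lie under ``root`` as defence in
    depth against mistakes elsewhere in the handler.
    """
    name = unquote(client_filename)
    if not name or "\x00" in name or "/" in name or "\\" in name:
        return None
    if name.strip(".") == "":  # ".", "..", "..." and similar
        return None
    root_real = os.path.realpath(root)
    candidate = os.path.realpath(os.path.join(root_real, name))
    if os.path.commonpath([root_real, candidate]) != root_real:
        return None
    return candidate


def scan_access_log(lines: List[str]) -> List[Tuple[int, str, str]]:
    """Flag request lines whose query string carries a *FileName parameter
    with a traversal sequence (the article notes attackers targeting
    ``fileFileName``). Returns (line index, parameter, decoded value).

    Caveat: an access log shows only the request line, so multipart bodies
    are not inspected here; this catches the query-string variant only.
    """
    hits = []
    for idx, line in enumerate(lines):
        m = re.search(r'"(?:GET|POST|PUT)\s+(\S+)', line)
        if not m:
            continue
        query = parse_qs(urlparse(m.group(1)).query, keep_blank_values=True)
        for param, values in query.items():
            if not param.lower().endswith("filename"):
                continue
            for value in values:
                # parse_qs decoded once; decode again to catch double encoding
                if TRAVERSAL.search(value) or TRAVERSAL.search(unquote(value)):
                    hits.append((idx, param, unquote(value)))
    return hits


# Constructed sample log lines (combined-log style); addresses are documentation ranges.
SAMPLE_LOG = [
    '203.0.113.5 - - [13/Dec/2023:10:21:07 +0000] "POST /upload.action HTTP/1.1" 200 512',
    '203.0.113.9 - - [13/Dec/2023:10:22:41 +0000] "POST /upload.action?fileFileName=../../a.jsp HTTP/1.1" 200 512',
    '198.51.100.7 - - [13/Dec/2023:10:23:02 +0000] "POST /upload.action?uploadFileName=..%252F..%252Fa.jsp HTTP/1.1" 200 512',
    '198.51.100.8 - - [13/Dec/2023:10:24:00 +0000] "GET /report.action?fileFileName=quarterly.pdf HTTP/1.1" 200 2048',
]

if __name__ == "__main__":
    for name in ("report.txt", "../../a.jsp", "..%2F..%2Fa.jsp"):
        print(f"{name!r:20} -> {safe_upload_path(UPLOAD_ROOT, name)}")
    for idx, param, value in scan_access_log(SAMPLE_LOG):
        print(f"line {idx}: {param}={value!r}")
```

The validator deliberately discards any directory component rather than trying to "clean" it, which is the simplest rule to reason about; the commonpath check behind it is there so that a later change to the handler (for example, accepting a subdirectory from a trusted source) cannot silently reintroduce an escape. The log scanner decodes twice so that a double-encoded value such as `..%252F` is caught as well as the plain and single-encoded forms.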


News URL

https://www.helpnetsecurity.com/2023/12/14/poc-exploit-cve-2023-50164/

Related Vulnerability

DATE: 2023-12-07
CVE: CVE-2023-50164
VULNERABILITY TITLE: Files or Directories Accessible to External Parties vulnerability in Apache Struts
DESCRIPTION: An attacker can manipulate file upload parameters to enable path traversal and under some circumstances this can lead to uploading a malicious file which can be used to perform Remote Code Execution. Users are recommended to upgrade to versions Struts 2.5.33 or Struts 6.3.0.2 or greater to fix this issue.
ATTACK VECTOR: network
ATTACK COMPLEXITY: low
VENDOR: apache
CWE: CWE-552
RISK: critical (score 9.8)

Related vendor

VENDOR   LAST 12M   #/PRODUCTS   LOW   MEDIUM   HIGH   CRITICAL   TOTAL VULNS
Apache   281                     13    544      711    366        1634