Security News > 2024 > December > Critical security hole in Apache Struts under exploit

Critical security hole in Apache Struts under exploit

2024-12-17 21:57

You applied the patch that could stop possible RCE attacks last week, right? A critical security hole in Apache Struts 2, patched last week, is now being exploited using publicly available proof-of-concept (PoC) code.…

News URL

https://go.theregister.com/feed/www.theregister.com/2024/12/17/critical_rce_apache_struts/

#apache #apachestruts #critical #exploit #security #struts

Related news

Apache Parquet exploit tool detect servers vulnerable to critical flaw (source)
Critical Apache Roller Vulnerability (CVSS 10.0) Enables Unauthorized Session Persistence (source)
Critical Erlang/OTP SSH pre-auth RCE is 'Surprisingly Easy' to exploit, patch now (source)
Critical Erlang/OTP SSH RCE bug now has public exploits, patch now (source)
PoC exploit for critical Erlang/OTP SSH bug is public (CVE-2025-32433) (source)
Hackers Exploit Critical Craft CMS Flaws; Hundreds of Servers Likely Compromised (source)
⚡ Weekly Recap: Critical SAP Exploit, AI-Powered Phishing, Major Breaches, New CVEs & More (source)
Majority of Browser Extensions Pose Critical Security Risk, A New Report Reveals (source)
China-Linked APTs Exploit SAP CVE-2025-31324 to Breach 581 Critical Systems Worldwide (source)
251 Amazon-Hosted IPs Used in Exploit Scan Targeting ColdFusion, Struts, and Elasticsearch (source)

Related vendor

VENDOR	LAST 12M	#/PRODUCTS	LOW	MEDIUM	HIGH	CRITICAL	TOTAL VULNS
Apache		284	13	568	733	391	1705

CVE is a registered MITRE Corporation trademark and MITRE's CVE website is the authoritative source of CVE content. CWE is a registered MITRE Corporation trademark and MITRE's CWE website is the authoritative source of CWE content.