Security News > 2024 > December > New critical Apache Struts flaw exploited to find vulnerable servers

New critical Apache Struts flaw exploited to find vulnerable servers

2024-12-17 18:04

A recently patched critical Apache Struts 2 vulnerability tracked as CVE-2024-53677 is actively exploited using public proof-of-concept exploits to find vulnerable devices. [...]

News URL

https://www.bleepingcomputer.com/news/security/new-critical-apache-struts-flaw-exploited-to-find-vulnerable-servers/

#apache #apachestruts #critical #server #struts #CVE-2024-53677

Related news

Critical RCE flaw in Apache Tomcat actively exploited in attacks (source)
New Critical AMI BMC Vulnerability Enables Remote Server Takeover and Bricking (source)
Critical AMI MegaRAC bug can let attackers hijack, brick servers (source)
Stealthy Apache Tomcat Critical Exploit Bypasses Security Filters: Are You at Risk? (source)

Related Vulnerability

DATE	CVE	VULNERABILITY TITLE	RISK
2024-12-11	CVE-2024-53677	File upload logic in Apache Struts is flawed. An attacker can manipulate file upload params to enable paths traversal and under some circumstances this can lead to uploading a malicious file which can be used to perform Remote Code Execution. This issue affects Apache Struts: from 2.0.0 before 6.4.0. Users are recommended to upgrade to version 6.4.0 at least and migrate to the new file upload mechanism https://struts.apache.org/core-developers/file-upload .	0.0

Related vendor

VENDOR	LAST 12M	#/PRODUCTS	LOW	MEDIUM	HIGH	CRITICAL	TOTAL VULNS
Apache		283	13	567	725	381	1686

CVE is a registered MITRE Corporation trademark and MITRE's CVE website is the authoritative source of CVE content. CWE is a registered MITRE Corporation trademark and MITRE's CWE website is the authoritative source of CWE content.