Security News > 2024 > December > New critical Apache Struts flaw exploited to find vulnerable servers

New critical Apache Struts flaw exploited to find vulnerable servers

2024-12-17 18:04

A recently patched critical Apache Struts 2 vulnerability tracked as CVE-2024-53677 is actively exploited using public proof-of-concept exploits to find vulnerable devices. [...]

News URL

https://www.bleepingcomputer.com/news/security/new-critical-apache-struts-flaw-exploited-to-find-vulnerable-servers/

#apache #apachestruts #critical #server #struts #CVE-2024-53677

Related news

Apache Parquet exploit tool detect servers vulnerable to critical flaw (source)
Critical Flaw in Apache Parquet Allows Remote Attackers to Execute Arbitrary Code (source)
Critical flaws fixed in Nagios Log Server (source)
Critical Apache Roller Vulnerability (CVSS 10.0) Enables Unauthorized Session Persistence (source)
Hackers Exploit Critical Craft CMS Flaws; Hundreds of Servers Likely Compromised (source)
Critical Langflow RCE flaw exploited to hack AI app servers (source)
Critical Windows Server 2025 dMSA Vulnerability Enables Active Directory Compromise (source)

Related Vulnerability

DATE	CVE	VULNERABILITY TITLE	RISK
2024-12-11	CVE-2024-53677	File upload logic in Apache Struts is flawed. An attacker can manipulate file upload params to enable paths traversal and under some circumstances this can lead to uploading a malicious file which can be used to perform Remote Code Execution. This issue affects Apache Struts: from 2.0.0 before 6.4.0. Users are recommended to upgrade to version 6.4.0 at least and migrate to the new file upload mechanism https://struts.apache.org/core-developers/file-upload .	0.0

Related vendor

VENDOR	LAST 12M	#/PRODUCTS	LOW	MEDIUM	HIGH	CRITICAL	TOTAL VULNS
Apache		284	13	568	734	391	1706

CVE is a registered MITRE Corporation trademark and MITRE's CVE website is the authoritative source of CVE content. CWE is a registered MITRE Corporation trademark and MITRE's CWE website is the authoritative source of CWE content.