Security News > 2024 > December > Patch Alert: Critical Apache Struts Flaw Found, Exploitation Attempts Detected

Patch Alert: Critical Apache Struts Flaw Found, Exploitation Attempts Detected
2024-12-18 13:36

Threat actors are attempting to exploit a recently disclosed security flaw impacting Apache Struts that could pave the way for remote code execution. The issue, tracked as CVE-2024-53677, carries a CVSS score of 9.5 out of 10.0, indicating critical severity. The vulnerability shares similarities with another critical bug the project maintainers addressed in December 2023 (CVE-2023-50164, CVSS


News URL

https://thehackernews.com/2024/12/patch-alert-critical-apache-struts-flaw.html

Related Vulnerability

DATE CVE VULNERABILITY TITLE RISK
2024-12-11 CVE-2024-53677 File upload logic in Apache Struts is flawed. An attacker can manipulate file upload params to enable paths traversal and under some circumstances this can lead to uploading a malicious file which can be used to perform Remote Code Execution. This issue affects Apache Struts: from 2.0.0 before 6.4.0. Users are recommended to upgrade to version 6.4.0 at least and migrate to the new file upload mechanism https://struts.apache.org/core-developers/file-upload .
0.0
2023-12-07 CVE-2023-50164 Unspecified vulnerability in Apache Struts
An attacker can manipulate file upload params to enable paths traversal and under some circumstances this can lead to uploading a malicious file which can be used to perform Remote Code Execution. Users are recommended to upgrade to versions Struts 2.5.33 or Struts 6.3.0.2 or greater to fix this issue.
network
low complexity
apache
critical
9.8

Related vendor

VENDOR LAST 12M #/PRODUCTS LOW MEDIUM HIGH CRITICAL TOTAL VULNS
Apache 283 13 567 725 379 1684