CyberSecurityBoard
Sponsor Register Login

Apache fixed Critical RCE flaw CVE-2023-50164 in Struts 2

We and our store and/or access information on a device, such as cookies and process personal data, such as unique identifiers and standard information sent by a device for personalised ads and content, ad and content measurement, and audience insights, as well as to develop and improve products.
With your permission we and our partners may use precise geolocation data and identification through device scanning.
You may click to consent to our and our 748 partners' processing as described above.
Alternatively you may access more detailed information and change your preferences before consenting or to refuse consenting.
Please note that some processing of your personal data may not require your consent, but you have a right to object to such processing.


This Cyber News was published on securityaffairs.com. Publication date: Mon, 11 Dec 2023 16:43:04 +0000


Cyber News related to Apache fixed Critical RCE flaw CVE-2023-50164 in Struts 2

Patch Now: Exploit Activity Mounts for Dangerous Apache Struts 2 Bug - Concerns are high over a critical, recently disclosed remote code execution vulnerability in Apache Struts 2 that attackers have been actively exploiting over the past few days. Apache Struts is a widely used open source framework for building Java ...
1 year ago Darkreading.com CVE-2023-50164
Hackers are exploiting critical Apache Struts flaw using public PoC - Hackers are attempting to leverage a recently fixed critical vulnerability in Apache Struts that leads to remote code execution, in attacks that rely on publicly available proof-of-concept exploit code. It appears that threat actors have just ...
1 year ago Bleepingcomputer.com CVE-2023-50164
Recent Apache Struts 2 Vulnerability in Attacker Crosshairs - Threat actors have started probing internet-accessible Apache Struts 2 instances affected by a recently disclosed remote code execution flaw. The critical-severity bug, tracked as CVE-2023-50164, was disclosed a week ago, when the Apache Software ...
1 year ago Securityweek.com CVE-2023-50164
Apache Warns of Critical Vulnerability in Struts 2 - Apache has warned customers of a critical remote code execution vulnerability in its popular Struts 2 framework. Apache Struts 2 is an open-source web application framework for developing Java EE web applications. The new vulnerability, ...
1 year ago Infosecurity-magazine.com CVE-2023-50164 CVE-2017-5638
Hackers are Actively Exploiting Apache Struts 2 Vulnerability - Hackers are taking advantage of a Critical Apache Struts Bug's initial activity with limited IP addresses engaged in exploitation attempts. Apache is an open-source framework for creating Java EE web applications called Apache Struts. It is used by ...
1 year ago Cybersecuritynews.com CVE-2023-50164
1,718,000+ Apache Struts 2 Installation Open to RCE Attacks - Threat actors target Apache Struts 2 due to vulnerabilities in its code that can be exploited for unauthorized access to web applications. Exploiting these vulnerabilities allows attackers to execute arbitrary code that could lead to full system ...
1 year ago Cybersecuritynews.com CVE-2023-50164
New RCE vulnerability in Apache Struts 2 fixed, upgrade ASAP - The Apache Struts project has released updates for the popular open-source web application framework, with fixes for a critical vulnerability that could lead to remote code execution. CVE-2023-50164 may allow an attacker to manipulate file upload ...
1 year ago Helpnetsecurity.com CVE-2023-50164
Impact of Apache Struts2 Code Execution Vulnerability - Recent attacks have demonstrated a significant growth in Zero Days and Remote Code Execution. In this blog, we will discuss a recently found Remote Code Execution attack in Apache Struts2. Apache Struts helps developers to create web applications in ...
1 year ago Securityboulevard.com CVE-2023-50164
Apache Patches Critical RCE Vulnerability in Struts 2 - The Apache Software Foundation over the weekend announced security updates that address a critical-severity file upload vulnerability in the Struts 2 open source development framework, warning that it could be exploited to execute arbitrary code ...
1 year ago Securityweek.com
Apache OFBiz RCE flaw exploited to find vulnerable Confluence servers - A critical Apache OFBiz pre-authentication remote code execution vulnerability is being actively exploited using public proof of concept exploits. Apache OFBiz is an open-source enterprise resource planning system many businesses use for e-commerce ...
1 year ago Bleepingcomputer.com CVE-2023-49070 CVE-2023-51467
A Critical Remote Code Execution(RCE) Vulnerability in Apache Struts2 Flaw Puts Your Web Apps at Risk - The web development world is constantly on guard against security threats, and a recent discovery in the popular Apache Struts2 framework serves as a stark reminder. This critical vulnerability, known as CVE-2023-50164, exposes a serious flaw that ...
1 year ago Securityboulevard.com CVE-2023-50164
Imperva Protects Customers from CVE-2023-50164 - On December 7, 2023, Apache released a security advisory regarding CVE-2023-50164, a critical vulnerability in Apache Struts with CVSS score 9.8. Versions from 2.5.0 to 2.5.32 and 6.0.0 to 6.3.0 were affected. Apache Struts is a popular, free, ...
1 year ago Imperva.com CVE-2023-50164
Attackers are trying to exploit Apache Struts vulnerability - Attackers are trying to leverage public proof-of-exploit exploit code for CVE-2023-50164, the recently patched path traversal vulnerability in Apache Struts 2. The Shadowserver Foundation has also started noticing exploitation attempts in their ...
1 year ago Helpnetsecurity.com CVE-2023-50164
Critical Apache Log4j2 flaw still threatens global finance - Critical Apache Log4j2 flaw still threatens global finance. CISA adds Apache Flink flaw to its Known Exploited Vulnerabilities catalog. CISA adds GitLab flaw to its Known Exploited Vulnerabilities catalog. Russia-linked APT28 used post-compromise ...
1 year ago Securityaffairs.com CVE-2022-38028 CVE-2023-49103 CVE-2023-20198 CVE-2023-40044 APT28 Rocke
Critical unauthenticated RCE flaw in OpenSSH server - MUST READ. Critical unauthenticated remote code execution flaw in OpenSSH server. Expert released PoC exploit code for Veeam Backup Enterprise Manager flaw CVE-2024-29849. CISA adds Oracle WebLogic Server flaw to its Known Exploited Vulnerabilities ...
1 year ago Securityaffairs.com CVE-2024-29849 CVE-2023-49103 CVE-2023-20198 CVE-2023-38831 Rocke
Juniper Networks fixed a critical authentication bypass flaw in some of its routers - MUST READ. Threat actors actively exploit D-Link DIR-859 router flaw CVE-2024-0769. CISA adds Oracle WebLogic Server flaw to its Known Exploited Vulnerabilities catalog. Russia-linked APT28 used post-compromise tool GooseEgg to exploit CVE-2022-38028 ...
1 year ago Securityaffairs.com CVE-2024-0769 CVE-2022-38028 CVE-2024-0204 CVE-2023-49103 CVE-2023-38831 CVE-2023-40044 APT28 Rocke
Atlassian warns of critical RCE flaw in older Confluence versions - Atlassian Confluence Data Center and Confluence Server are vulnerable to a critical remote code execution vulnerability that impacts versions released before December 5, 2023, including out-of-support releases. The flaw is tracked as CVE-2023-22527, ...
1 year ago Bleepingcomputer.com CVE-2023-22527
Hackers target Apache RocketMQ servers vulnerable to RCE attacks - Security researchers are detecting hundreds of IP addresses on a daily basis that scan or attempt to exploit Apache RocketMQ services vulnerable to a remote command execution flaw identified as CVE-2023-33246 and CVE-2023-37582. Both vulnerabilities ...
1 year ago Bleepingcomputer.com CVE-2023-33246 CVE-2023-37582 Rocke
TellYouThePass ransomware joins Apache ActiveMQ RCE attacks - Internet-exposed Apache ActiveMQ servers are also targeted in TellYouThePass ransomware attacks targeting a critical remote code execution vulnerability previously exploited as a zero-day. The flaw, tracked as CVE-2023-46604, is a maximum severity ...
1 year ago Bleepingcomputer.com CVE-2023-46604
Week in review: Apache Struts vulnerability exploit attempt, EOL Sophos firewalls get hotfix - SCS 9001 2.0 reveals enhanced controls for global supply chainsIn this Help Net Security interview, Mike Regan, VP of Business Performance at TIA, discusses SCS 9001 Release 2.0, a certifiable standard crafted to assist organizations in ...
1 year ago Helpnetsecurity.com CVE-2023-50164 CVE-2023-42793
Critical Apache OFBiz Vulnerability in Attacker Crosshairs - The Shadowserver Foundation has been seeing attempts to exploit a critical vulnerability affecting the Apache OFBiz open source enterprise resource planning system. Apache OFBiz is leveraged by several ERP and other types of projects, including the ...
1 year ago Securityweek.com CVE-2023-49070 CVE-2023-51467 CVE-2023-50164 CVE-2023-46604
Critical Apache OFBiz Vulnerability in Attacker Crosshairs - The Shadowserver Foundation has been seeing attempts to exploit a critical vulnerability affecting the Apache OFBiz open source enterprise resource planning system. Apache OFBiz is leveraged by several ERP and other types of projects, including the ...
1 year ago Packetstormsecurity.com CVE-2023-49070 CVE-2023-51467 CVE-2023-50164 CVE-2023-46604
45k Jenkins servers exposed to RCE attacks using public exploits - Researchers found roughly 45,000 Jenkins instances exposed online that are vulnerable to CVE-2023-23897, a critical remote code execution flaw for which multiple public proof-of-concept exploits are in circulation. Jenkins is a leading open-source ...
1 year ago Bleepingcomputer.com CVE-2023-23897
Microsoft discovers critical RCE flaw in Perforce Helix Core Server - Four vulnerabilities, one of which is rated critical, have been discovered in the Perforce Helix Core Server, a source code management platform widely used by the gaming, government, military, and technology sectors. Microsoft analysts discovered the ...
1 year ago Bleepingcomputer.com CVE-2023-5759 CVE-2023-45849 CVE-2023-35767 CVE-2023-45319
10 of the biggest zero-day attacks of 2023 - Here are 10 of the biggest zero-day attacks of 2023 in chronological order. Zero-day attacks started strong in 2023 with CVE-2023-0669, a pre-authentication command injection vulnerability in Fortra's GoAnywhere managed file transfer product. ...
1 year ago Techtarget.com CVE-2023-0669 CVE-2023-34362 CVE-2023-36884 CVE-2023-4863 CVE-2023-41992 CVE-2023-41991 CVE-2023-41993 CVE-2023-22515

Latest Cyber News


Cyber Trends (last 7 days)


Trending Cyber News (last 7 days)