CVE-2023-50164: Another vulnerability in the widely used Apache Struts2 component

Another remote code execution vulnerability in Apache's Struts2 Framework has been discovered - leaving many with strong feelings of Deja Vu. If you're a developer, it's not unreasonable to be concerned about how you may spend the final weeks of 2023.
This is a Security Bloggers Network syndicated blog from Sonatype Blog authored by Jeff Wayman.


This Cyber News was published on securityboulevard.com. Publication date: Fri, 15 Dec 2023 00:13:13 +0000


Cyber News related to CVE-2023-50164: Another vulnerability in the widely used Apache Struts2 component

Impact of Apache Struts2 Code Execution Vulnerability - Recent attacks have demonstrated a significant growth in Zero Days and Remote Code Execution. In this blog, we will discuss a recently found Remote Code Execution attack in Apache Struts2. Apache Struts helps developers to create web applications in ...
11 months ago Securityboulevard.com
A Critical Remote Code Execution(RCE) Vulnerability in Apache Struts2 Flaw Puts Your Web Apps at Risk - The web development world is constantly on guard against security threats, and a recent discovery in the popular Apache Struts2 framework serves as a stark reminder. This critical vulnerability, known as CVE-2023-50164, exposes a serious flaw that ...
1 year ago Securityboulevard.com
Recent Apache Struts 2 Vulnerability in Attacker Crosshairs - Threat actors have started probing internet-accessible Apache Struts 2 instances affected by a recently disclosed remote code execution flaw. The critical-severity bug, tracked as CVE-2023-50164, was disclosed a week ago, when the Apache Software ...
1 year ago Securityweek.com
CVE-2023-50164: Another vulnerability in the widely used Apache Struts2 component - Another remote code execution vulnerability in Apache's Struts2 Framework has been discovered - leaving many with strong feelings of Deja Vu. If you're a developer, it's not unreasonable to be concerned about how you may spend the final weeks of ...
1 year ago Securityboulevard.com
Patch Now: Exploit Activity Mounts for Dangerous Apache Struts 2 Bug - Concerns are high over a critical, recently disclosed remote code execution vulnerability in Apache Struts 2 that attackers have been actively exploiting over the past few days. Apache Struts is a widely used open source framework for building Java ...
1 year ago Darkreading.com
Hackers are exploiting critical Apache Struts flaw using public PoC - Hackers are attempting to leverage a recently fixed critical vulnerability in Apache Struts that leads to remote code execution, in attacks that rely on publicly available proof-of-concept exploit code. It appears that threat actors have just ...
1 year ago Bleepingcomputer.com
Critical Apache OFBiz Vulnerability in Attacker Crosshairs - The Shadowserver Foundation has been seeing attempts to exploit a critical vulnerability affecting the Apache OFBiz open source enterprise resource planning system. Apache OFBiz is leveraged by several ERP and other types of projects, including the ...
11 months ago Securityweek.com
Critical Apache OFBiz Vulnerability in Attacker Crosshairs - The Shadowserver Foundation has been seeing attempts to exploit a critical vulnerability affecting the Apache OFBiz open source enterprise resource planning system. Apache OFBiz is leveraged by several ERP and other types of projects, including the ...
11 months ago Packetstormsecurity.com
Hackers are Actively Exploiting Apache Struts 2 Vulnerability - Hackers are taking advantage of a Critical Apache Struts Bug's initial activity with limited IP addresses engaged in exploitation attempts. Apache is an open-source framework for creating Java EE web applications called Apache Struts. It is used by ...
1 year ago Cybersecuritynews.com
1,718,000+ Apache Struts 2 Installation Open to RCE Attacks - Threat actors target Apache Struts 2 due to vulnerabilities in its code that can be exploited for unauthorized access to web applications. Exploiting these vulnerabilities allows attackers to execute arbitrary code that could lead to full system ...
11 months ago Cybersecuritynews.com
The Threat That Can't Be Ignored: CVE-2023-46604 in Apache ActiveMQ - There is another vulnerability that demands immediate attention, despite not receiving the level of recognition it truly deserves in the media. Apache ActiveMQ vulnerability, known as CVE-2023-46604, is a Remote Code Execution flaw rated at a ...
8 months ago Cybersecurity-insiders.com
Imperva Protects Customers from CVE-2023-50164 - On December 7, 2023, Apache released a security advisory regarding CVE-2023-50164, a critical vulnerability in Apache Struts with CVSS score 9.8. Versions from 2.5.0 to 2.5.32 and 6.0.0 to 6.3.0 were affected. Apache Struts is a popular, free, ...
1 year ago Imperva.com
Attackers are trying to exploit Apache Struts vulnerability - Attackers are trying to leverage public proof-of-exploit exploit code for CVE-2023-50164, the recently patched path traversal vulnerability in Apache Struts 2. The Shadowserver Foundation has also started noticing exploitation attempts in their ...
1 year ago Helpnetsecurity.com
New RCE vulnerability in Apache Struts 2 fixed, upgrade ASAP - The Apache Struts project has released updates for the popular open-source web application framework, with fixes for a critical vulnerability that could lead to remote code execution. CVE-2023-50164 may allow an attacker to manipulate file upload ...
1 year ago Helpnetsecurity.com
Apache OFBiz RCE flaw exploited to find vulnerable Confluence servers - A critical Apache OFBiz pre-authentication remote code execution vulnerability is being actively exploited using public proof of concept exploits. Apache OFBiz is an open-source enterprise resource planning system many businesses use for e-commerce ...
11 months ago Bleepingcomputer.com
Imperva Detects Undocumented 8220 Gang Activities - Imperva Threat Research has detected previously undocumented activity from the 8220 gang, which is known for the mass deployment of malware using a variety of continuously evolving TTPs. This threat actor has been known to target both Windows and ...
1 year ago Imperva.com
Unraveling the Struts2 security vulnerability: A deep dive - In a recent webinar hosted by Sonatype, Chief Technology Officer and co-founder Brian Fox and Field CTO Ilkka Turunen discussed the critical security vulnerability affecting Apache Struts2. This is a Security Bloggers Network syndicated blog from ...
1 year ago Securityboulevard.com
CVE-2012-1006 - Multiple cross-site scripting (XSS) vulnerabilities in Apache Struts 2.0.14 and 2.2.3 allow remote attackers to inject arbitrary web script or HTML via the (1) name or (2) lastName parameter to struts2-showcase/person/editPerson.action, or the (3) ...
7 years ago
Critical Apache OFBiz Zero-day Flaw Exploited in the Wild - Researchers uncovered a critical authentication bypass zero-day flaw tracked as CVE-2023-51467, with a CVSS score of 9.8 affecting Apache OFBiz's open-source enterprise resource planning system. The vulnerability allows attackers to bypass simple ...
11 months ago Cybersecuritynews.com
TellYouThePass ransomware joins Apache ActiveMQ RCE attacks - Internet-exposed Apache ActiveMQ servers are also targeted in TellYouThePass ransomware attacks targeting a critical remote code execution vulnerability previously exploited as a zero-day. The flaw, tracked as CVE-2023-46604, is a maximum severity ...
1 year ago Bleepingcomputer.com
Zoom Unveils Open Source Vulnerability Impact Scoring System - Video conferencing giant Zoom on Thursday unveiled an open source vulnerability impact scoring system that it has been developing for the past year. The Vulnerability Impact Scoring System, or VISS, is a customizable framework that provides a ...
1 year ago Securityweek.com
Real-Time Data Warehousing Based on Apache Doris - This is a whole-journey guide for Apache Doris users, especially those from the financial sector, which requires a high level of data security and availability. If you don't know how to build a real-time data pipeline and make the most of the Apache ...
11 months ago Feeds.dzone.com
Week in review: Apache Struts vulnerability exploit attempt, EOL Sophos firewalls get hotfix - SCS 9001 2.0 reveals enhanced controls for global supply chainsIn this Help Net Security interview, Mike Regan, VP of Business Performance at TIA, discusses SCS 9001 Release 2.0, a certifiable standard crafted to assist organizations in ...
1 year ago Helpnetsecurity.com
Google Patches Another Chrome Zero-Day as Browser Attacks Mount - For the fourth time since August, Google has disclosed a bug in its Chrome browser technology that attackers were actively exploiting in the wild before the company had a fix for it. Integer Overflow Bug The latest zero-day, which Google is tracking ...
1 year ago Darkreading.com
Hackers target Apache RocketMQ servers vulnerable to RCE attacks - Security researchers are detecting hundreds of IP addresses on a daily basis that scan or attempt to exploit Apache RocketMQ services vulnerable to a remote command execution flaw identified as CVE-2023-33246 and CVE-2023-37582. Both vulnerabilities ...
11 months ago Bleepingcomputer.com

Latest Cyber News


Cyber Trends (last 7 days)


Trending Cyber News (last 7 days)