CyberSecurityBoard
Sponsor Register Login

Hackers are Actively Exploiting Apache Struts 2 Vulnerability

Hackers are taking advantage of a Critical Apache Struts Bug's initial activity with limited IP addresses engaged in exploitation attempts.
Apache is an open-source framework for creating Java EE web applications called Apache Struts.
It is used by numerous Fortune 100 businesses and international governments.
On December 7, the Apache Foundation, which manages the Struts library, asked developers to implement a patch to address a vulnerability that allowed a path traversal attack.
This means that an attacker could gain access to directories on a web server that they shouldn't have, and in certain situations, they could upload a malicious file for remote code execution.
The vulnerability, CVE-2023-50164, has a 9.8 out of 10 CVSS score.
The Australian Cyber Security Center and CERT-FR have recently detected a wave of exploitation attacks happening across the globe.
These attacks target vulnerable systems and exploit security loopholes to gain access to sensitive data and cause potential harm.
In some cases, this can result in uploading a malicious file that can be used to carry out Remote Code Execution.
An attacker can change file upload parameters to enable pathway traversal.
Cyberthreat intelligence firm Akamai also recorded exploit attempts of this new flaw.
Attackers aim to deploy webshells, with some cases targeting the parameter 'fileFileName' - a deviation from the original exploit PoC. pic.
This cloud flaw results in modifying sensitive files, data theft, service disruption, or lateral movement within the network.
Several preconditions that depend on how the application is implemented and behaves utilizing Apache Struts are necessary to exploit CVE-2023-50164.
Notably, it is hard for the criminal to scan and exploit this vulnerability.
Over the years, Struts - an open-source framework for developing web applications in Java - has been a common point of interest for hackers.
Several high-profile data breaches, including the infamous 2017 Equifax breach, have exploited vulnerabilities in Struts to gain unauthorized access to sensitive information.
It is recommended that users apply the recently released patches for the framework in all applications that utilize the framework.
These patches aim to improve the framework's overall security and functionality.


This Cyber News was published on cybersecuritynews.com. Publication date: Mon, 18 Dec 2023 03:55:04 +0000


Cyber News related to Hackers are Actively Exploiting Apache Struts 2 Vulnerability

Patch Now: Exploit Activity Mounts for Dangerous Apache Struts 2 Bug - Concerns are high over a critical, recently disclosed remote code execution vulnerability in Apache Struts 2 that attackers have been actively exploiting over the past few days. Apache Struts is a widely used open source framework for building Java ...
1 year ago Darkreading.com CVE-2023-50164
Hackers are exploiting critical Apache Struts flaw using public PoC - Hackers are attempting to leverage a recently fixed critical vulnerability in Apache Struts that leads to remote code execution, in attacks that rely on publicly available proof-of-concept exploit code. It appears that threat actors have just ...
1 year ago Bleepingcomputer.com CVE-2023-50164
Check Point released hotfix for actively exploited VPN zero-day - MUST READ. Check Point released hotfix for actively exploited VPN zero-day. Microsoft Patch Tuesday security updates for May 2024 fixes 2 actively exploited zero-days. Critical Fortinet's FortiClient EMS flaw actively exploited in the wild. Apple ...
10 months ago Securityaffairs.com CVE-2024-23222 CVE-2023-22515 CVE-2023-40044 CVE-2023-20109
Apache Warns of Critical Vulnerability in Struts 2 - Apache has warned customers of a critical remote code execution vulnerability in its popular Struts 2 framework. Apache Struts 2 is an open-source web application framework for developing Java EE web applications. The new vulnerability, ...
1 year ago Infosecurity-magazine.com CVE-2023-50164 CVE-2017-5638
Hackers are Actively Exploiting Apache Struts 2 Vulnerability - Hackers are taking advantage of a Critical Apache Struts Bug's initial activity with limited IP addresses engaged in exploitation attempts. Apache is an open-source framework for creating Java EE web applications called Apache Struts. It is used by ...
1 year ago Cybersecuritynews.com CVE-2023-50164
1,718,000+ Apache Struts 2 Installation Open to RCE Attacks - Threat actors target Apache Struts 2 due to vulnerabilities in its code that can be exploited for unauthorized access to web applications. Exploiting these vulnerabilities allows attackers to execute arbitrary code that could lead to full system ...
1 year ago Cybersecuritynews.com CVE-2023-50164
Apache Patches Critical RCE Vulnerability in Struts 2 - The Apache Software Foundation over the weekend announced security updates that address a critical-severity file upload vulnerability in the Struts 2 open source development framework, warning that it could be exploited to execute arbitrary code ...
1 year ago Securityweek.com
New RCE vulnerability in Apache Struts 2 fixed, upgrade ASAP - The Apache Struts project has released updates for the popular open-source web application framework, with fixes for a critical vulnerability that could lead to remote code execution. CVE-2023-50164 may allow an attacker to manipulate file upload ...
1 year ago Helpnetsecurity.com CVE-2023-50164
Recent Apache Struts 2 Vulnerability in Attacker Crosshairs - Threat actors have started probing internet-accessible Apache Struts 2 instances affected by a recently disclosed remote code execution flaw. The critical-severity bug, tracked as CVE-2023-50164, was disclosed a week ago, when the Apache Software ...
1 year ago Securityweek.com CVE-2023-50164
New MOVEit Transfer critical bug is actively exploited - MUST READ. New MOVEit Transfer critical bug is actively exploited. CISA adds Microsoft SharePoint bug disclosed at Pwn2Own to its Known Exploited Vulnerabilities catalog. Critical Fortinet's FortiClient EMS flaw actively exploited in the wild. PoC ...
9 months ago Securityaffairs.com CVE-2020-3259 CVE-2023-22515 CVE-2023-40044 CVE-2023-20109 Rocke
Apache OFBiz RCE flaw exploited to find vulnerable Confluence servers - A critical Apache OFBiz pre-authentication remote code execution vulnerability is being actively exploited using public proof of concept exploits. Apache OFBiz is an open-source enterprise resource planning system many businesses use for e-commerce ...
1 year ago Bleepingcomputer.com CVE-2023-49070 CVE-2023-51467
Week in review: Apache Struts vulnerability exploit attempt, EOL Sophos firewalls get hotfix - SCS 9001 2.0 reveals enhanced controls for global supply chainsIn this Help Net Security interview, Mike Regan, VP of Business Performance at TIA, discusses SCS 9001 Release 2.0, a certifiable standard crafted to assist organizations in ...
1 year ago Helpnetsecurity.com CVE-2023-50164 CVE-2023-42793
Threat actors actively exploit D-Link DIR-859 router flaw - MUST READ. Threat actors actively exploit D-Link DIR-859 router flaw CVE-2024-0769. Expert released PoC exploit code for Veeam Backup Enterprise Manager flaw CVE-2024-29849. CISA adds D-Link DIR router flaws to its Known Exploited Vulnerabilities ...
9 months ago Securityaffairs.com CVE-2024-0769 CVE-2024-29849 CVE-2022-38028 CVE-2024-0204 CVE-2023-49103 CVE-2023-46747 CVE-2023-46748 CVE-2023-20198 CVE-2023-4966 CVE-2023-40044 CVE-2023-38035 APT28
Threat actors actively exploit D-Link DIR-859 router flaw - MUST READ. Threat actors actively exploit D-Link DIR-859 router flaw CVE-2024-0769. Expert released PoC exploit code for Veeam Backup Enterprise Manager flaw CVE-2024-29849. CISA adds D-Link DIR router flaws to its Known Exploited Vulnerabilities ...
9 months ago Securityaffairs.com CVE-2024-0769 CVE-2024-29849 CVE-2022-38028 CVE-2024-0204 CVE-2023-49103 CVE-2023-46747 CVE-2023-46748 CVE-2023-20198 CVE-2023-4966 CVE-2023-40044 CVE-2023-38035 APT28
Imperva Protects Customers from CVE-2023-50164 - On December 7, 2023, Apache released a security advisory regarding CVE-2023-50164, a critical vulnerability in Apache Struts with CVSS score 9.8. Versions from 2.5.0 to 2.5.32 and 6.0.0 to 6.3.0 were affected. Apache Struts is a popular, free, ...
1 year ago Imperva.com CVE-2023-50164
TellYouThePass ransomware joins Apache ActiveMQ RCE attacks - Internet-exposed Apache ActiveMQ servers are also targeted in TellYouThePass ransomware attacks targeting a critical remote code execution vulnerability previously exploited as a zero-day. The flaw, tracked as CVE-2023-46604, is a maximum severity ...
1 year ago Bleepingcomputer.com CVE-2023-46604
New ATM Malware family emerged in the threat landscape - Threat actors may have exploited a zero-day in older iPhones, Apple warns. Microsoft fixed two zero-day bugs exploited in malware attacks. Threat actors actively exploit JetBrains TeamCity flaws to deliver malware. Raspberry Robin spotted using two ...
10 months ago Securityaffairs.com CVE-2023-49103 CVE-2023-46747 CVE-2023-46748 CVE-2023-4966
Kinsing malware exploits Apache ActiveMQ RCE to plant rootkits - The Kinsing malware operator is actively exploiting the CVE-2023-46604 critical vulnerability in the Apache ActiveMQ open-source message broker to compromise Linux systems. The flaw allows remote code execution and was fixed in late October. Apache's ...
1 year ago Bleepingcomputer.com CVE-2023-46604
How Hackers Interrupted GTA 5 Online Gameplay on PC - Recently, a cyber-attack on Grand Theft Auto 5 Online on PC caused an interruption to thousands of players’ gameplays. The game was completely taken offline and players couldn’t even access the main gameplay menu. The attack caused an uproar ...
2 years ago Hackread.com
newsletter Round 473 by Pierluigi Paganini - Microsoft Patch Tuesday security updates for May 2024 fixes 2 actively exploited zero-days. Microsoft fixed two zero-day bugs exploited in malware attacks. HTTP/2 CONTINUATION Flood technique can be exploited in DoS attacks. BianLian group exploits ...
10 months ago Securityaffairs.com CVE-2020-3259 CVE-2023-46747 CVE-2023-46748 CVE-2023-22515 APT29 Rocke BianLian
Attackers are trying to exploit Apache Struts vulnerability - Attackers are trying to leverage public proof-of-exploit exploit code for CVE-2023-50164, the recently patched path traversal vulnerability in Apache Struts 2. The Shadowserver Foundation has also started noticing exploitation attempts in their ...
1 year ago Helpnetsecurity.com CVE-2023-50164
CVE-2018-1327 - The Apache Struts REST Plugin is using XStream library which is vulnerable and allow perform a DoS attack when using a malicious request with specially crafted XML payload. Upgrade to the Apache Struts version 2.5.16 and switch to an optional Jackson ...
4 years ago
CERT-UA warns of malware campaign conducted by threat actor UAC-0006 - Threat actors may have exploited a zero-day in older iPhones, Apple warns. Microsoft fixed two zero-day bugs exploited in malware attacks. Threat actors actively exploit JetBrains TeamCity flaws to deliver malware. Recent DarkGate campaign exploited ...
10 months ago Securityaffairs.com CVE-2023-49103 CVE-2023-46747 CVE-2023-46748 CVE-2023-4966 CVE-2023-3519
Hackers target Apache RocketMQ servers vulnerable to RCE attacks - Security researchers are detecting hundreds of IP addresses on a daily basis that scan or attempt to exploit Apache RocketMQ services vulnerable to a remote command execution flaw identified as CVE-2023-33246 and CVE-2023-37582. Both vulnerabilities ...
1 year ago Bleepingcomputer.com CVE-2023-33246 CVE-2023-37582 Rocke
QNAP VioStor NVR vulnerability actively exploited by malware botnet - A Mirai-based botnet named 'InfectedSlurs' is exploiting a remote code execution vulnerability in QNAP VioStor NVR devices to hijack and make them part of its DDoS swarm. The botnet was discovered by Akamai's Security Intelligence Response Team in ...
1 year ago Bleepingcomputer.com CVE-2023-49897 CVE-2023-47565

Latest Cyber News


Cyber Trends (last 7 days)


Trending Cyber News (last 7 days)