Impact of Apache Struts2 Code Execution Vulnerability

Recent attacks have demonstrated a significant growth in Zero Days and Remote Code Execution.
In this blog, we will discuss a recently found Remote Code Execution attack in Apache Struts2.
Apache Struts helps developers to create web applications in Java.
On December 7th, the Apache Software Foundation disclosed a critical vulnerability in Apache Struts2, named CVE-2023-50164.
At its core, CVE-2023-50164 exploits a flaw in Struts2's file upload logic.
The true nightmare unfolds when you realize this malicious file can be executed.
Yes, you read that right - Remote Code Execution is on the table.
The vulnerability also leads to parameter pollution when an attack changes the initial parameter and adds additional parameters in lowercase.
This overrides the internal file name variable and that is what causes the system to exploit and the attacker to gain Remote Code Execution.
Struts2 boasts a wide user base, powering enterprise applications, government websites, and private businesses.
Scan your Environment: Conduct a thorough scan of your systems to identify any applications using vulnerable versions of Struts2.
Monitor for Suspicious Activity: Implement security monitoring tools and SIEM solutions to detect any suspicious activity that might indicate an attempted exploit.
Raise Awareness: Train your employees and developers about the vulnerability and the importance of patching.
A layered security approach is key to truly mitigating the risks posed by vulnerabilities like CVE-2023-50164.
Implement Input Validation: Validate all user input to prevent malicious code from being uploaded or executed.
Restrict File Extensions: Limit the types of files that can be uploaded to only those necessary for your application.
CVE-2023-50164 is a critical vulnerability with potentially destructive consequences.
There is a critical need to address the serious vulnerability CVE-2023-50164 in Apache Struts2.
Kratikal, a CERT-In empanelled auditor is an essential component in the battle against cyber threats, providing cybersecurity solutions through Governance, Risk, and Compliance to identify, stop, and minimize vulnerabilities.
Kratikal helps businesses defend against ever-evolving threats by providing them with proactive defense, security training, and sophisticated scanning tools.


This Cyber News was published on securityboulevard.com. Publication date: Sat, 23 Dec 2023 07:13:04 +0000


Cyber News related to Impact of Apache Struts2 Code Execution Vulnerability

Impact of Apache Struts2 Code Execution Vulnerability - Recent attacks have demonstrated a significant growth in Zero Days and Remote Code Execution. In this blog, we will discuss a recently found Remote Code Execution attack in Apache Struts2. Apache Struts helps developers to create web applications in ...
10 months ago Securityboulevard.com
A Critical Remote Code Execution(RCE) Vulnerability in Apache Struts2 Flaw Puts Your Web Apps at Risk - The web development world is constantly on guard against security threats, and a recent discovery in the popular Apache Struts2 framework serves as a stark reminder. This critical vulnerability, known as CVE-2023-50164, exposes a serious flaw that ...
10 months ago Securityboulevard.com
CVE-2023-50164: Another vulnerability in the widely used Apache Struts2 component - Another remote code execution vulnerability in Apache's Struts2 Framework has been discovered - leaving many with strong feelings of Deja Vu. If you're a developer, it's not unreasonable to be concerned about how you may spend the final weeks of ...
10 months ago Securityboulevard.com
Patch Now: Exploit Activity Mounts for Dangerous Apache Struts 2 Bug - Concerns are high over a critical, recently disclosed remote code execution vulnerability in Apache Struts 2 that attackers have been actively exploiting over the past few days. Apache Struts is a widely used open source framework for building Java ...
10 months ago Darkreading.com
Purpose. Partnership. Impact. - Last month, Cisco announced we exceeded our ten-year goal to positively impact one billion lives - more than one year early. The announcement was just the first step in our commitment to share the stories within our journey to one billion lives, and ...
9 months ago Feedpress.me
Apache OFBiz RCE flaw exploited to find vulnerable Confluence servers - A critical Apache OFBiz pre-authentication remote code execution vulnerability is being actively exploited using public proof of concept exploits. Apache OFBiz is an open-source enterprise resource planning system many businesses use for e-commerce ...
10 months ago Bleepingcomputer.com
1,718,000+ Apache Struts 2 Installation Open to RCE Attacks - Threat actors target Apache Struts 2 due to vulnerabilities in its code that can be exploited for unauthorized access to web applications. Exploiting these vulnerabilities allows attackers to execute arbitrary code that could lead to full system ...
9 months ago Cybersecuritynews.com
The Threat That Can't Be Ignored: CVE-2023-46604 in Apache ActiveMQ - There is another vulnerability that demands immediate attention, despite not receiving the level of recognition it truly deserves in the media. Apache ActiveMQ vulnerability, known as CVE-2023-46604, is a Remote Code Execution flaw rated at a ...
6 months ago Cybersecurity-insiders.com
Real-Time Data Warehousing Based on Apache Doris - This is a whole-journey guide for Apache Doris users, especially those from the financial sector, which requires a high level of data security and availability. If you don't know how to build a real-time data pipeline and make the most of the Apache ...
9 months ago Feeds.dzone.com
Unraveling the Struts2 security vulnerability: A deep dive - In a recent webinar hosted by Sonatype, Chief Technology Officer and co-founder Brian Fox and Field CTO Ilkka Turunen discussed the critical security vulnerability affecting Apache Struts2. This is a Security Bloggers Network syndicated blog from ...
10 months ago Securityboulevard.com
CVE-2012-1006 - Multiple cross-site scripting (XSS) vulnerabilities in Apache Struts 2.0.14 and 2.2.3 allow remote attackers to inject arbitrary web script or HTML via the (1) name or (2) lastName parameter to struts2-showcase/person/editPerson.action, or the (3) ...
7 years ago
TellYouThePass ransomware joins Apache ActiveMQ RCE attacks - Internet-exposed Apache ActiveMQ servers are also targeted in TellYouThePass ransomware attacks targeting a critical remote code execution vulnerability previously exploited as a zero-day. The flaw, tracked as CVE-2023-46604, is a maximum severity ...
11 months ago Bleepingcomputer.com
Barracuda ESG, Apache OfBiz Vulnerabilities Persist - While the number of reported vulnerabilities sometimes decrease over the Christmas and New Year's holidays, active and potential exploits are no less threatening. During the past couple weeks, Google has seen multiple vulnerabilities, including a ...
10 months ago Esecurityplanet.com
CVE-2023-25194 - A possible security vulnerability has been identified in Apache Kafka Connect API. ...
1 year ago
New RCE vulnerability in Apache Struts 2 fixed, upgrade ASAP - The Apache Struts project has released updates for the popular open-source web application framework, with fixes for a critical vulnerability that could lead to remote code execution. CVE-2023-50164 may allow an attacker to manipulate file upload ...
10 months ago Helpnetsecurity.com
Critical Apache OFBiz Vulnerability in Attacker Crosshairs - The Shadowserver Foundation has been seeing attempts to exploit a critical vulnerability affecting the Apache OFBiz open source enterprise resource planning system. Apache OFBiz is leveraged by several ERP and other types of projects, including the ...
10 months ago Securityweek.com
Critical Apache OFBiz Vulnerability in Attacker Crosshairs - The Shadowserver Foundation has been seeing attempts to exploit a critical vulnerability affecting the Apache OFBiz open source enterprise resource planning system. Apache OFBiz is leveraged by several ERP and other types of projects, including the ...
10 months ago Packetstormsecurity.com
CVE-2023-31065 - Insufficient Session Expiration vulnerability in Apache Software Foundation Apache InLong.This issue affects Apache InLong: from 1.4.0 through 1.6.0.  ...
4 weeks ago
CVE-2023-31206 - Exposure of Resource to Wrong Sphere Vulnerability in Apache Software Foundation Apache InLong.This issue affects Apache InLong: from 1.4.0 through 1.6.0. Attackers can change the immutable name and type of nodes of InLong. Users are advised to ...
3 weeks ago
Critical Apache OFBiz Zero-day Flaw Exploited in the Wild - Researchers uncovered a critical authentication bypass zero-day flaw tracked as CVE-2023-51467, with a CVSS score of 9.8 affecting Apache OFBiz's open-source enterprise resource planning system. The vulnerability allows attackers to bypass simple ...
9 months ago Cybersecuritynews.com
Hackers are exploiting critical Apache Struts flaw using public PoC - Hackers are attempting to leverage a recently fixed critical vulnerability in Apache Struts that leads to remote code execution, in attacks that rely on publicly available proof-of-concept exploit code. It appears that threat actors have just ...
10 months ago Bleepingcomputer.com
Hackers target Apache RocketMQ servers vulnerable to RCE attacks - Security researchers are detecting hundreds of IP addresses on a daily basis that scan or attempt to exploit Apache RocketMQ services vulnerable to a remote command execution flaw identified as CVE-2023-33246 and CVE-2023-37582. Both vulnerabilities ...
10 months ago Bleepingcomputer.com
The Exploration of Static vs Dynamic Code Analysis - Two essential methodologies employed for this purpose are Static Code Analysis and Dynamic Code Analysis. Static Code Analysis involves the examination of source code without its execution. In this exploration of Static vs Dynamic Code Analysis, ...
9 months ago Feeds.dzone.com
CVE-2024-29735 - Improper Preservation of Permissions vulnerability in Apache Airflow.This issue affects Apache Airflow from 2.8.2 through 2.8.3. ...
7 months ago
8220 Hacker Group Attacking Windows and Linux Web Servers - The 8220 hacker group, which was first identified in 2017 by Cisco Talos, is exploiting both Windows and Linux web servers with crypto-jacking malware. One of their recent activities involved the exploitation of Oracle WebLogic vulnerability and ...
10 months ago Gbhackers.com

Latest Cyber News


Cyber Trends (last 7 days)


Trending Cyber News (last 7 days)