Imperva Protects Customers from CVE-2023-50164

On December 7, 2023, Apache released a security advisory regarding CVE-2023-50164, a critical vulnerability in Apache Struts with CVSS score 9.8.
Versions from 2.5.0 to 2.5.32 and 6.0.0 to 6.3.0 were affected.
Apache Struts is a popular, free, open-source framework that is used in the creation of modern Java web applications for numerous commercial and open-source projects.
Vulnerabilities in Struts have been popular targets for threat actors, as in the Equifax breach in 2017.
Given its widespread distribution, any vulnerability in Apache Struts can become a matter of significant concern across various sectors.
By exploiting this vulnerability, attackers can manipulate file upload parameters, allowing for path traversal.
A malicious file can then be uploaded, opening the door to remote code execution.
Several proofs of concept were published on December 11, 2023.
The Imperva Threat Research team created dedicated mitigations for this vulnerability, in addition to the existing rules and signatures, which are effective.
Over the past few days, we observed thousands of exploitation attempts, all of which were successfully thwarted by Imperva Cloud WAF, Imperva RASP, and Imperva WAF Gateway.
Most of the attempts originate from IP addresses in the United States and France.
Most exploitation attempts were carried out by automated hacking tools written in the Go programming language.
The web applications targeted were in the United States, Australia, the Netherlands, and New Zealand.
During an exploitation attempt, an attacker crafts a special request to upload malicious web shells, commonly in the form of .WAR files, using path traversal techniques to place them in locations that are not intended for user-uploaded content and were not originally accessible.
Even with these protection measures in place, we strongly advise customers to stay vigilant and ensure their systems are promptly updated with the latest security patches.
As always, Imperva Threat Research is monitoring the situation and will provide updates as new information emerges.
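The upload pattern described above (a path traversal sequence in a file upload parameter, ending in a WAR file) can be hunted for in captured request bodies. The following is an added example, not Imperva's rule logic or code from the advisory; the field name `docName`, the extra `.jsp`/`.jspx` extensions and the sample body are assumptions constructed for illustration.

```python
import re
from urllib.parse import unquote

# ".war" comes from the article; ".jsp"/".jspx" are assumptions of this example.
DEPLOYABLE_EXT = (".war", ".jsp", ".jspx")
_ATTR = re.compile(r'\b(name|filename)="([^"\r\n]*)"', re.IGNORECASE)

def normalize(value: str) -> str:
    """Undo up to three layers of percent-encoding and unify separators."""
    for _ in range(3):
        decoded = unquote(value)
        if decoded == value:
            break
        value = decoded
    return value.replace("\\", "/")

def reasons(value: str) -> list[str]:
    """Why a filename-like value should not be trusted as an upload target."""
    path = normalize(value)
    found = []
    if ".." in path.split("/"):
        found.append("traversal")
    if path.startswith("/") or re.match(r"[A-Za-z]:/", path):
        found.append("absolute-path")
    if path.lower().endswith(DEPLOYABLE_EXT):
        found.append("deployable-extension")
    return found

def scan_multipart(body: str, boundary: str) -> list[tuple[str, str, list[str]]]:
    """Return (field, value, reasons) for each suspicious part of the body."""
    hits = []
    for part in body.split("--" + boundary):
        head, _, content = part.partition("\r\n\r\n")
        attrs = {k.lower(): v for k, v in _ATTR.findall(head)}
        if "name" not in attrs:
            continue  # preamble or closing delimiter
        # Assumption: a file part's filename or a plain field may name the stored file.
        value = attrs.get("filename", content.rstrip("\r\n"))
        why = reasons(value)
        if why:
            hits.append((attrs["name"], value, why))
    return hits

# Constructed sample body (not captured traffic); "docName" is hypothetical.
SAMPLE = (
    '--b\r\nContent-Disposition: form-data; name="doc"; filename="report.pdf"\r\n'
    'Content-Type: application/pdf\r\n\r\n%PDF-1.7\r\n'
    '--b\r\nContent-Disposition: form-data; name="docName"\r\n\r\n'
    '..%2f..%2fexample%2fsample.war\r\n--b--\r\n'
)
```

Plain form fields are checked as well as `filename` attributes, so expect benign hits on free-text fields; treat the output as a triage list for upload endpoints rather than a verdict.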


This Cyber News was published on www.imperva.com. Publication date: Tue, 19 Dec 2023 13:43:05 +0000

