Recent Apache Struts 2 Vulnerability in Attacker Crosshairs

Threat actors have started probing internet-accessible Apache Struts 2 instances affected by a recently disclosed remote code execution flaw.
The critical-severity bug, tracked as CVE-2023-50164, was disclosed a week ago, when the Apache Software Foundation announced patches for it, urging customers to apply them immediately.
In its advisory, the non-profit organization explained that the issue resides in Struts' file upload logic and that it could enable path traversal.
Under certain circumstances, it allows an attacker to upload a malicious file and achieve RCE. The security defect exists in the /upload.action endpoint, allowing an attacker to manipulate file upload parameters, cybersecurity firm Trend Micro says.
Parameters are treated differently based on case sensitivity, but recent changes made by Apache led to case-insensitive HTTP parameters.
Upon file upload, Struts creates a temporary file that is deleted after the file is written to the assigned path value.
If the cached file exceeds a certain value, it is not deleted.
It was discovered that, if the attacker can control the filename value of the temporary file, they can exploit CVE-2023-50164 to upload a malicious payload. When the arguments from the HTTP request are processed, if the manipulated filename value has path traversal characters, the bug leads to check bypass, allowing the payload to persist.
Trend Micro notes that it has seen broad exploitation of the vulnerability, with multiple threat actors targeting it in malicious attacks.
Along with Trend Micro, Akamai, Malwarebytes, and the Shadowserver Foundation too have seen exploitation attempts targeting CVE-2023-50164, but it is unclear if the attackers were able to breach the targeted environments.
Some of these attempts rely on recently released proof-of-concept exploit code, while others are deviations from the PoC. CVE-2023-50164 impacts Struts versions 2.0.0 to 2.3.37, 2.5.0 to 2.5.32, and 6.0.0 to 6.3.0.
Apache addressed the bug in Struts versions 2.5.33 and 6.3.0.2.
All Struts users are advised to upgrade to a patched version as soon as possible.

This Cyber News was published on www.securityweek.com. Publication date: Fri, 15 Dec 2023 12:13:05 +0000

Cyber News related to Recent Apache Struts 2 Vulnerability in Attacker Crosshairs

Patch Now: Exploit Activity Mounts for Dangerous Apache Struts 2 Bug - Concerns are high over a critical, recently disclosed remote code execution vulnerability in Apache Struts 2 that attackers have been actively exploiting over the past few days. Apache Struts is a widely used open source framework for building Java ...
11 months ago Darkreading.com

Apache Warns of Critical Vulnerability in Struts 2 - Apache has warned customers of a critical remote code execution vulnerability in its popular Struts 2 framework. Apache Struts 2 is an open-source web application framework for developing Java EE web applications. The new vulnerability, ...
11 months ago Infosecurity-magazine.com

Recent Apache Struts 2 Vulnerability in Attacker Crosshairs - Threat actors have started probing internet-accessible Apache Struts 2 instances affected by a recently disclosed remote code execution flaw. The critical-severity bug, tracked as CVE-2023-50164, was disclosed a week ago, when the Apache Software ...
11 months ago Securityweek.com

Hackers are exploiting critical Apache Struts flaw using public PoC - Hackers are attempting to leverage a recently fixed critical vulnerability in Apache Struts that leads to remote code execution, in attacks that rely on publicly available proof-of-concept exploit code. It appears that threat actors have just ...
11 months ago Bleepingcomputer.com

1,718,000+ Apache Struts 2 Installation Open to RCE Attacks - Threat actors target Apache Struts 2 due to vulnerabilities in its code that can be exploited for unauthorized access to web applications. Exploiting these vulnerabilities allows attackers to execute arbitrary code that could lead to full system ...
10 months ago Cybersecuritynews.com

Apache Patches Critical RCE Vulnerability in Struts 2 - The Apache Software Foundation over the weekend announced security updates that address a critical-severity file upload vulnerability in the Struts 2 open source development framework, warning that it could be exploited to execute arbitrary code ...
11 months ago Securityweek.com

New RCE vulnerability in Apache Struts 2 fixed, upgrade ASAP - The Apache Struts project has released updates for the popular open-source web application framework, with fixes for a critical vulnerability that could lead to remote code execution. CVE-2023-50164 may allow an attacker to manipulate file upload ...
11 months ago Helpnetsecurity.com

Hackers are Actively Exploiting Apache Struts 2 Vulnerability - Hackers are taking advantage of a Critical Apache Struts Bug's initial activity with limited IP addresses engaged in exploitation attempts. Apache is an open-source framework for creating Java EE web applications called Apache Struts. It is used by ...
11 months ago Cybersecuritynews.com

Imperva Protects Customers from CVE-2023-50164 - On December 7, 2023, Apache released a security advisory regarding CVE-2023-50164, a critical vulnerability in Apache Struts with CVSS score 9.8. Versions from 2.5.0 to 2.5.32 and 6.0.0 to 6.3.0 were affected. Apache Struts is a popular, free, ...
11 months ago Imperva.com

Attackers are trying to exploit Apache Struts vulnerability - Attackers are trying to leverage public proof-of-exploit exploit code for CVE-2023-50164, the recently patched path traversal vulnerability in Apache Struts 2. The Shadowserver Foundation has also started noticing exploitation attempts in their ...
11 months ago Helpnetsecurity.com

CVE-2018-1327 - The Apache Struts REST Plugin is using XStream library which is vulnerable and allow perform a DoS attack when using a malicious request with specially crafted XML payload. Upgrade to the Apache Struts version 2.5.16 and switch to an optional Jackson ...
3 years ago

Critical Apache OFBiz Vulnerability in Attacker Crosshairs - The Shadowserver Foundation has been seeing attempts to exploit a critical vulnerability affecting the Apache OFBiz open source enterprise resource planning system. Apache OFBiz is leveraged by several ERP and other types of projects, including the ...
10 months ago Securityweek.com

Apache OFBiz RCE flaw exploited to find vulnerable Confluence servers - A critical Apache OFBiz pre-authentication remote code execution vulnerability is being actively exploited using public proof of concept exploits. Apache OFBiz is an open-source enterprise resource planning system many businesses use for e-commerce ...
10 months ago Bleepingcomputer.com

CVE-2012-1007 - Multiple cross-site scripting (XSS) vulnerabilities in Apache Struts 1.3.10 allow remote attackers to inject arbitrary web script or HTML via (1) the name parameter to struts-examples/upload/upload-submit.do, or the message parameter to (2) ...
6 years ago

Week in review: Apache Struts vulnerability exploit attempt, EOL Sophos firewalls get hotfix - SCS 9001 2.0 reveals enhanced controls for global supply chainsIn this Help Net Security interview, Mike Regan, VP of Business Performance at TIA, discusses SCS 9001 Release 2.0, a certifiable standard crafted to assist organizations in ...
11 months ago Helpnetsecurity.com

CVE-2023-34149 - Allocation of Resources Without Limits or Throttling vulnerability in Apache Software Foundation Apache Struts.This issue affects Apache Struts: through 2.5.30, through 6.1.2. ...
1 year ago

CVE-2023-34396 - Allocation of Resources Without Limits or Throttling vulnerability in Apache Software Foundation Apache Struts.This issue affects Apache Struts: through 2.5.30, through 6.1.2. ...
1 year ago

Impact of Apache Struts2 Code Execution Vulnerability - Recent attacks have demonstrated a significant growth in Zero Days and Remote Code Execution. In this blog, we will discuss a recently found Remote Code Execution attack in Apache Struts2. Apache Struts helps developers to create web applications in ...
10 months ago Securityboulevard.com

The Threat That Can't Be Ignored: CVE-2023-46604 in Apache ActiveMQ - There is another vulnerability that demands immediate attention, despite not receiving the level of recognition it truly deserves in the media. Apache ActiveMQ vulnerability, known as CVE-2023-46604, is a Remote Code Execution flaw rated at a ...
7 months ago Cybersecurity-insiders.com

Real-Time Data Warehousing Based on Apache Doris - This is a whole-journey guide for Apache Doris users, especially those from the financial sector, which requires a high level of data security and availability. If you don't know how to build a real-time data pipeline and make the most of the Apache ...
10 months ago Feeds.dzone.com

Hackers target Apache RocketMQ servers vulnerable to RCE attacks - Security researchers are detecting hundreds of IP addresses on a daily basis that scan or attempt to exploit Apache RocketMQ services vulnerable to a remote command execution flaw identified as CVE-2023-33246 and CVE-2023-37582. Both vulnerabilities ...
10 months ago Bleepingcomputer.com

Konni Malware Alert: Uncovering The Russian-Language Threat - In the ever-evolving landscape of cybersecurity, a recent discovery sheds light on a new phishing attack being dubbed the Konni malware. This cyber assault employs a Russian-language Microsoft Word document malware delivery as its weapon of choice, ...
11 months ago Securityboulevard.com

TellYouThePass ransomware joins Apache ActiveMQ RCE attacks - Internet-exposed Apache ActiveMQ servers are also targeted in TellYouThePass ransomware attacks targeting a critical remote code execution vulnerability previously exploited as a zero-day. The flaw, tracked as CVE-2023-46604, is a maximum severity ...
11 months ago Bleepingcomputer.com

Barracuda ESG, Apache OfBiz Vulnerabilities Persist - While the number of reported vulnerabilities sometimes decrease over the Christmas and New Year's holidays, active and potential exploits are no less threatening. During the past couple weeks, Google has seen multiple vulnerabilities, including a ...
10 months ago Esecurityplanet.com

Latest Cyber News

CVE-2024-52739 - 1 day ago
CVE-2018-9483 - 1 day ago
CVE-2018-9485 - 1 day ago
CVE-2018-9487 - 1 day ago
CVE-2018-9470 - 1 day ago
CVE-2018-9472 - 1 day ago
CVE-2018-9477 - 1 day ago
CVE-2024-11492 - 1 day ago
CVE-2024-52770 - 1 day ago
CVE-2024-52796 - 1 day ago
CVE-2024-52769 - 1 day ago
CVE-2024-51162 - 1 day ago
CVE-2024-52725 - 1 day ago
CVE-2024-11491 - 1 day ago
CVE-2024-11490 - 1 day ago
CVE-2024-11488 - 1 day ago
CVE-2024-11486 - 1 day ago
CVE-2024-11487 - 1 day ago
CVE-2024-11485 - 1 day ago
CVE-2024-52471 - 1 day ago

Cyber Trends (last 7 days)

Okta - 11 months ago
23andMe - 11 months ago
Kimsuky - 11 months ago
LogoFAIL - 11 months ago
Gh0st rat - 11 months ago

Trending Cyber News (last 7 days)

CVE-2024-52282 - 2 days ago
CVE-2024-11278 - 1 day ago
CVE-2024-9653 - 1 day ago
CVE-2024-10515 - 1 day ago
CVE-2024-52614 - 1 day ago
CVE-2024-9239 - 1 day ago
CVE-2024-10855 - 1 day ago
CVE-2024-10899 - 1 day ago
CVE-2024-10900 - 1 day ago
CVE-2024-11277 - 1 day ago
CVE-2024-48895 - 1 day ago
CVE-2024-47865 - 1 day ago
CVE-2024-52033 - 1 day ago
CVE-2024-11176 - 1 day ago
CVE-2024-10126 - 1 day ago
CVE-2024-10127 - 1 day ago
CVE-2024-11179 - 1 day ago
CVE-2024-11494 - 1 day ago
CVE-2024-10665 - 1 day ago
CVE-2024-10891 - 1 day ago