• Menu
  • Skip to main content
  • Skip to primary sidebar

The Cyber Security News

Latest Cyber Security News

Header Right

  • Latest News
  • Vulnerabilities
  • Cloud Services
patch alert: critical apache struts flaw found, exploitation attempts detected

Patch Alert: Critical Apache Struts Flaw Found, Exploitation Attempts Detected

You are here: Home / General Cyber Security News / Patch Alert: Critical Apache Struts Flaw Found, Exploitation Attempts Detected
December 18, 2024

Threat actors are attempting to exploit a recently disclosed security flaw impacting Apache Struts that could pave the way for remote code execution.

The issue, tracked as CVE-2024-53677, carries a CVSS score of 9.5 out of 10.0, indicating critical severity. The vulnerability shares similarities with another critical bug the project maintainers addressed in December 2023 (CVE-2023-50164, CVSS score: 9.8), which also came under active exploitation shortly after public disclosure.

Cybersecurity

✔ Approved From Our Partners
AOMEI Backupper Lifetime

Protect and backup your data using AOMEI Backupper. AOMEI Backupper takes secure and encrypted backups from your Windows, hard drives or partitions. With AOMEI Backupper you will never be worried about loosing your data anymore.

Get AOMEI Backupper with 72% discount from an authorized distrinutor of AOMEI: SerialCart® (Limited Offer).

➤ Activate Your Coupon Code


“An attacker can manipulate file upload params to enable paths traversal and under some circumstances this can lead to uploading a malicious file which can be used to perform Remote Code Execution,” according to the Apache advisory.

In other words, successful exploitation of the flaw could allow a malicious actor to upload arbitrary payloads to susceptible instances, which could then be leveraged to run commands, exfiltrate data, or download additional payloads for follow-on exploitation.

The vulnerability impacts the following versions, and has been patched in Struts 6.4.0 or greater –

  • Struts 2.0.0 – Struts 2.3.37 (End-of-Life),
  • Struts 2.5.0 – Struts 2.5.33, and
  • Struts 6.0.0 – Struts 6.3.0.2

Dr. Johannes Ullrich, dean of research for SANS Technology Institute, said that an incomplete patch for CVE-2023-50164 may have led to the new problem, adding exploitation attempts matching the publicly-released proof-of-concept (PoC) have been detected in the wild.

“At this point, the exploit attempts are attempting to enumerate vulnerable systems,” Ullrich noted. “Next, the attacker attempts to find the uploaded script. So far, the scans originate only from 169.150.226[.]162.”

Cybersecurity

To mitigate the risk, users are recommended to upgrade to the latest version as soon as possible and rewrite their code to use the new Action File Upload mechanism and related interceptor.

“Apache Struts sits at the heart of many corporate IT stacks, driving public-facing portals, internal productivity applications, and critical business workflows,” Saeed Abbasi, product manager of Threat Research Unit at Qualys, said. “Its popularity in high-stakes contexts means that a vulnerability like CVE-2024-53677 could have far-reaching implications.”

Found this article interesting? Follow us on Twitter  and LinkedIn to read more exclusive content we post.


Some parts of this article are sourced from:
thehackernews.com

Previous Post: «attackers exploit microsoft teams and anydesk to deploy darkgate malware Attackers Exploit Microsoft Teams and AnyDesk to Deploy DarkGate Malware
Next Post: Meta Fined €251 Million for 2018 Data Breach Impacting 29 Million Accounts meta fined €251 million for 2018 data breach impacting 29»

Reader Interactions

Leave a Reply Cancel reply

Your email address will not be published. Required fields are marked *

Primary Sidebar

Report This Article

Recent Posts

  • Qilin Ransomware Adds “Call Lawyer” Feature to Pressure Victims for Larger Ransoms
  • Iran’s State TV Hijacked Mid-Broadcast Amid Geopolitical Tensions; $90M Stolen in Crypto Heist
  • 6 Steps to 24/7 In-House SOC Success
  • Massive 7.3 Tbps DDoS Attack Delivers 37.4 TB in 45 Seconds, Targeting Hosting Provider
  • 67 Trojanized GitHub Repositories Found in Campaign Targeting Gamers and Developers
  • New Android Malware Surge Hits Devices via Overlays, Virtualization Fraud and NFC Theft
  • BlueNoroff Deepfake Zoom Scam Hits Crypto Employee with MacOS Backdoor Malware
  • Secure Vibe Coding: The Complete New Guide
  • Uncover LOTS Attacks Hiding in Trusted Tools — Learn How in This Free Expert Session
  • Russian APT29 Exploits Gmail App Passwords to Bypass 2FA in Targeted Phishing Campaign

Copyright © TheCyberSecurity.News, All Rights Reserved.