top of page
  • Clipeus

Apache Struts 2 Vulnerable To RCE

According to an Apache security advisory, the popular framework Apache Struts 2 used for web application development is affected by a critical remote code execution vulnerability (RCE) - tracked as CVE-2023-50164 - impacting the following products:


  • Struts 2.0.0

  • Struts 2.3.37 (EOL)

  • Struts 2.5.0

  • Struts 2.5.32

  • Struts 6.0.0

  • Struts 6.3.0


The vulnerability enables a potential remote attacker to manipulate file upload parameters in such a way to upload arbitrary files and potentially achieve RCE. This flaw may be exploited to install malware, and has potential to affect the confidentiality, integrity and availability of any data on the system.


Apache notes there are no workarounds. The only available and effective remediation is upgrading to Struts 2.5.33, 6.3.0.2 or greater.


There are presently no reports of exploitation in the wild; however, given the popularity of this application and the publicity of this vulnerabilities, the threat landscape around this vulnerability should be considered highly fluid.


Comentarios


Los comentarios se han desactivado.

If you are interested in specifics or additional insights on the threats above or any other threat, please visit our dedicated service page or reach out to info@clipeusintelligence.com with your inquiry. We would be glad to assist you

bottom of page