
Apache Struts Remote Code Execution Vulnerability

Last Update Date: 18 Dec 2024 Release Date: 16 Dec 2024

RISK: Medium Risk

TYPE: Servers - Web Servers

A vulnerability has been identified in Apache Struts. A remote attacker can exploit this vulnerability to trigger remote code execution and sensitive information disclosure on the targeted system.


[Updated on 2024-12-18]

Updated Impact and Description.


Proof of Concept exploit code is publicly available for CVE-2024-53677. Attackers are already probing systems with it to enumerate vulnerable Struts installations, which can cause sensitive information disclosure. The flaw lies in Struts' file upload handling: it can be abused to upload files into directories that should be restricted, and under certain conditions (for example, when a server-side executable file is written into a location the application will serve or load) this leads to remote code execution (RCE).


Impact

  • Remote Code Execution
  • Information Disclosure

System / Technologies affected

  • Struts 2.0.0 - Struts 2.3.37 (EOL)
  • Struts 2.5.0 - Struts 2.5.33
  • Struts 6.0.0 - Struts 6.3.0.2

Solutions

Before installing the update, please visit the vendor's web site for details.

  • Upgrade to Struts 6.4.0 or later and migrate file upload handling to the Action File Upload Interceptor. Upgrading alone is not sufficient: applications that keep using the legacy File Upload Interceptor remain exposed.
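The migration the fix requires, shown as an added example that is not code from this page or from the Struts project: an upload action rewritten for the Action File Upload Interceptor. The action receives the uploaded files and their metadata through the `UploadedFilesAware` interface instead of exposing `setUpload()`, `setUploadFileName()` and `setUploadContentType()` setters, and it derives the on-disk path from a fixed directory plus a server-generated name rather than from the client-supplied file name. The interface, class and interceptor names (`UploadedFilesAware`, `UploadedFile`, `actionFileUpload`) are taken from the Struts 6.4.0 API as I recall it and should be checked against the release documentation; the upload directory, the extension allow-list and the size limit are assumed deployment policy, not something the advisory prescribes.

```java
package example;

import java.io.File;
import java.io.IOException;
import java.nio.file.Files;
import java.nio.file.Path;
import java.nio.file.Paths;
import java.nio.file.StandardCopyOption;
import java.util.List;
import java.util.Set;
import java.util.UUID;

import com.opensymphony.xwork2.ActionSupport;
import org.apache.struts2.action.UploadedFilesAware;
import org.apache.struts2.dispatcher.multipart.UploadedFile;

/**
 * Upload action migrated to the Struts 6.4.0 ActionFileUploadInterceptor.
 * Files and their metadata arrive through withUploadedFiles(); the action has
 * no setUpload()/setUploadFileName()/setUploadContentType() setters, so the
 * client-supplied file name is never bound onto action properties.
 */
public class SafeUploadAction extends ActionSupport implements UploadedFilesAware {

    // Assumed deployment policy: a fixed directory outside the web root.
    static final Path UPLOAD_DIR = Paths.get("/var/app/uploads");
    // Assumed deployment policy: extensions the application is willing to store.
    static final Set<String> ALLOWED_EXTENSIONS = Set.of("png", "jpg", "pdf");

    private List<UploadedFile> uploadedFiles;

    @Override
    public void withUploadedFiles(List<UploadedFile> uploadedFiles) {
        this.uploadedFiles = uploadedFiles;
    }

    @Override
    public String execute() throws IOException {
        if (uploadedFiles == null || uploadedFiles.isEmpty()) {
            addActionError("No file uploaded");
            return INPUT;
        }
        for (UploadedFile uploaded : uploadedFiles) {
            Path dest = safeDestination(uploaded.getOriginalName());
            if (dest == null) {
                addActionError("Rejected file name: " + uploaded.getOriginalName());
                return INPUT;
            }
            // Assumed: getContent() returns the temporary File written by the multipart parser.
            File tmp = (File) uploaded.getContent();
            Files.copy(tmp.toPath(), dest, StandardCopyOption.REPLACE_EXISTING);
        }
        return SUCCESS;
    }

    /**
     * Builds the on-disk path for an upload without trusting the client name.
     * Returns null when the name cannot be accepted.
     */
    static Path safeDestination(String originalName) {
        if (originalName == null || originalName.isEmpty()) return null;
        // Keep only the last path element: browsers may send a full path, attackers send "../".
        String base = originalName.replace('\\', '/');
        base = base.substring(base.lastIndexOf('/') + 1);
        if (base.isEmpty() || base.equals(".") || base.equals("..")) return null;
        // Extension allow-list: the web tier must not be able to store a server-side script.
        int dot = base.lastIndexOf('.');
        if (dot <= 0 || !ALLOWED_EXTENSIONS.contains(base.substring(dot + 1).toLowerCase())) return null;
        // Reduce the remaining name to a conservative character set.
        String cleaned = base.replaceAll("[^A-Za-z0-9._-]", "_");
        // Server-generated prefix prevents collisions and overwriting of existing files.
        Path dest = UPLOAD_DIR.resolve(UUID.randomUUID() + "_" + cleaned).normalize();
        // Defence in depth: the resolved path must still lie inside UPLOAD_DIR.
        if (!dest.startsWith(UPLOAD_DIR)) return null;
        return dest;
    }
}

/*
 * Matching struts.xml fragment (assumed parameter names carried over from the
 * legacy fileUpload interceptor; confirm against the 6.4.0 documentation):
 *
 * <action name="upload" class="example.SafeUploadAction">
 *   <interceptor-ref name="actionFileUpload">
 *     <param name="maximumSize">10485760</param>
 *     <param name="allowedExtensions">png,jpg,pdf</param>
 *   </interceptor-ref>
 *   <interceptor-ref name="defaultStack"/>
 *   <result name="success">/done.jsp</result>
 *   <result name="input">/upload.jsp</result>
 * </action>
 */
```

After deploying, confirm that no interceptor stack in the application still references the legacy `fileUpload` interceptor and that no action still exposes the old `upload`/`uploadFileName`/`uploadContentType` setter triple; the directory and extension checks in `safeDestination` are defence in depth and do not replace the upgrade.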

Vulnerability Identifier

  • CVE-2024-53677

Source


Related Link