Threat actors are attempting to exploit Apache Struts vulnerability CVE-2024-53677

Researchers warn that threat actors are attempting to exploit a recently disclosed Apache Struts vulnerability CVE-2024-53677.

Researchers warn that threat actors are attempting to exploit the vulnerability CVE-2024-53677 (CVSS score of 9.5) in Apache Struts. A remote attacker could exploit this vulnerability to upload malicious files, potentially leading to arbitrary code execution.

“An attacker can manipulate file upload params to enable paths traversal and under some circumstances this can lead to uploading a malicious file which can be used to perform Remote Code Execution.” reads the advisory published by Apache.

The vulnerability impacts the following software versions:

Struts 2.0.0 through Struts 2.3.37 (EOL)
Struts 2.5.0 through Struts 2.5.33 (EOL)
Struts 6.0.0 through Struts 6.3.0.2

SANS Technology senior researcher Dr. Johannes Ullrich explained that the vulnerability allows attackers to achieve path traversal and remote code execution via file upload exploitation. The expert explained that the root cause of the issue is an incomplete fix for another vulnerability tracked as CVE-2023-50164.

The researcher also confirmed that threat actors are actively exploiting a publicly-released proof-of-concept (PoC) code.

“The vulnerability, CVE-2024-53677, appears to be related to CVE-2023-50164. The older vulnerability is similar, and an incomplete patch may have led to the newer issue.” wrote Ullrich. “PoC exploits have been released (see, for example, [2]). And we are seeing active exploit attempts for this vulnerability that match the PoC exploit code.”

Users are recommended to upgrade to the latest version Struts 6.4.0 or greater and use Action File Upload Interceptor.

Quelle

Kommentar verfassen Kommentieren abbrechen

London, GB

1:22 pm, Juni 9, 2025

19°C

L: 18° | H: 20°

Fühlt sich an wie 18°C° overcast clouds

Luftfeuchtigkeit: 57 %

Druck: 1021 mb

Wind: 9 mph SW

Windböe: 0 mph

UV-Index: 0

Niederschlag: 0 mm

Wolken: 85%

Regen Chance: 0%

Sichtbarkeit: 10 km

Sonnenaufgang: 4:44 am

Sonnenuntergang: 9:15 pm

TäglichStündlich

Tägliche VorhersageStündliche Vorhersage

Today 10:00 pm

18° | 20°°C 0 mm 0% 9 mph 75 % 1021 mb 0 mm/h

Tomorrow 10:00 pm

13° | 20°°C 0.8 mm 80% 11 mph 83 % 1020 mb 0 mm/h

Mi. Juni 11 10:00 pm

13° | 23°°C 0.2 mm 20% 12 mph 81 % 1021 mb 0 mm/h

Do. Juni 12 10:00 pm

15° | 25°°C 1 mm 100% 10 mph 81 % 1018 mb 0 mm/h

Fr. Juni 13 10:00 pm

16° | 27°°C 1 mm 100% 11 mph 93 % 1020 mb 0 mm/h

Today 4:00 pm

19° | 19°°C 0 mm 0% 8 mph 56 % 1021 mb 0 mm/h

Today 7:00 pm

18° | 18°°C 0 mm 0% 8 mph 60 % 1020 mb 0 mm/h

Today 10:00 pm

16° | 16°°C 0 mm 0% 9 mph 75 % 1019 mb 0 mm/h

Tomorrow 1:00 am

14° | 14°°C 0 mm 0% 9 mph 81 % 1018 mb 0 mm/h

Tomorrow 4:00 am

13° | 13°°C 0 mm 0% 11 mph 83 % 1017 mb 0 mm/h

Tomorrow 7:00 am

14° | 14°°C 0 mm 0% 10 mph 83 % 1017 mb 0 mm/h

Tomorrow 10:00 am

16° | 16°°C 0 mm 0% 10 mph 82 % 1017 mb 0 mm/h

Tomorrow 1:00 pm

20° | 20°°C 0.21 mm 21% 9 mph 65 % 1018 mb 0 mm/h

Name	Preis	24H (%)
Bitcoin(BTC)	€94,311.25	1.85%
Ethereum(ETH)	€2,224.37	1.04%
Fesseln(USDT)	€0.88	0.00%
XRP(XRP)	€1.98	0.45%
Solana(SOL)	€135.80	3.64%
USDC(USDC)	€0.88	0.00%
Dogecoin(DOGE)	€0.162647	1.12%
Shiba Inu(SHIB)	€0.000011	0.98%
Pepe(PEPE)	€0.000011	3.26%
Peanut das Eichhörnchen(PNUT)	€0.235134	4.58%

Threat actors are attempting to exploit Apache Struts vulnerability CVE-2024-53677

Teilen:

Researchers warn that threat actors are attempting to exploit a recently disclosed Apache Struts vulnerability CVE-2024-53677.

Kommentar verfassen Kommentieren abbrechen

Verbindung zum Dienstprogramm

Nützlicher Link

Newsletter

Folgen Sie uns