Threat actors are attempting to exploit Apache Struts vulnerability CVE-2024-53677

Teilen:

Researchers warn that threat actors are attempting to exploit a recently disclosed Apache Struts vulnerability CVE-2024-53677.

Researchers warn that threat actors are attempting to exploit the vulnerability CVE-2024-53677 (CVSS score of 9.5) in Apache Struts. A remote attacker could exploit this vulnerability to upload malicious files, potentially leading to arbitrary code execution.

“An attacker can manipulate file upload params to enable paths traversal and under some circumstances this can lead to uploading a malicious file which can be used to perform Remote Code Execution.” reads the advisory published by Apache.

The vulnerability impacts the following software versions:

  • Struts 2.0.0 through Struts 2.3.37 (EOL)
  • Struts 2.5.0 through Struts 2.5.33 (EOL)
  • Struts 6.0.0 through Struts 6.3.0.2

SANS Technology senior researcher Dr. Johannes Ullrich explained that the vulnerability allows attackers to achieve path traversal and remote code execution via file upload exploitation. The expert explained that the root cause of the issue is an incomplete fix for another vulnerability tracked as CVE-2023-50164.

The researcher also confirmed that threat actors are actively exploiting a publicly-released proof-of-concept (PoC) code.

“The vulnerability, CVE-2024-53677, appears to be related to CVE-2023-50164. The older vulnerability is similar, and an incomplete patch may have led to the newer issue.” wrote Ullrich. “PoC exploits have been released (see, for example, [2]). And we are seeing active exploit attempts for this vulnerability that match the PoC exploit code.”

Users are recommended to upgrade to the latest version Struts 6.4.0 or greater and use Action File Upload Interceptor.

Quelle

Kommentar verfassen

Deine E-Mail-Adresse wird nicht veröffentlicht. Erforderliche Felder sind mit * markiert

lade-bild
London, GB
10:56 am, Juli 11, 2025
Wetter-Symbol 28°C
L: 26° | H: 30°
wenige Wolken
Luftfeuchtigkeit: 45 %
Druck: 1021 mb
Wind: 2 mph E
Windböe: 4 mph
UV-Index: 0
Niederschlag: 0 mm
Wolken: 13%
Regen Chance: 0%
Sichtbarkeit: 10 km
Sonnenaufgang: 4:56 am
Sonnenuntergang: 9:15 pm
TäglichStündlich
Tägliche VorhersageStündliche Vorhersage
Today 10:00 pm
Wetter-Symbol
26° | 30°°C 0 mm 0% 8 mph 47 % 1021 mb 0 mm/h
Tomorrow 10:00 pm
Wetter-Symbol
18° | 30°°C 0 mm 0% 9 mph 65 % 1018 mb 0 mm/h
So. Juli 13 10:00 pm
Wetter-Symbol
17° | 27°°C 0 mm 0% 7 mph 73 % 1014 mb 0 mm/h
Mo. Juli 14 10:00 pm
Wetter-Symbol
20° | 29°°C 0 mm 0% 14 mph 71 % 1017 mb 0 mm/h
Di. Juli 15 10:00 pm
Wetter-Symbol
15° | 27°°C 0 mm 0% 13 mph 71 % 1021 mb 0 mm/h
Today 1:00 pm
Wetter-Symbol
29° | 29°°C 0 mm 0% 3 mph 42 % 1021 mb 0 mm/h
Today 4:00 pm
Wetter-Symbol
30° | 31°°C 0 mm 0% 5 mph 31 % 1019 mb 0 mm/h
Today 7:00 pm
Wetter-Symbol
28° | 28°°C 0 mm 0% 5 mph 28 % 1017 mb 0 mm/h
Today 10:00 pm
Wetter-Symbol
22° | 22°°C 0 mm 0% 8 mph 47 % 1019 mb 0 mm/h
Tomorrow 1:00 am
Wetter-Symbol
18° | 18°°C 0 mm 0% 4 mph 55 % 1018 mb 0 mm/h
Tomorrow 4:00 am
Wetter-Symbol
19° | 19°°C 0 mm 0% 4 mph 65 % 1018 mb 0 mm/h
Tomorrow 7:00 am
Wetter-Symbol
19° | 19°°C 0 mm 0% 6 mph 64 % 1018 mb 0 mm/h
Tomorrow 10:00 am
Wetter-Symbol
24° | 24°°C 0 mm 0% 6 mph 45 % 1017 mb 0 mm/h
Name Preis24H (%)
Bitcoin(BTC)
€101,401.38
6.79%
Ethereum(ETH)
€2,587.08
8.97%
Fesseln(USDT)
€0.85
0.00%
XRP(XRP)
€2.23
6.51%
Solana(SOL)
€140.98
4.32%
USDC(USDC)
€0.85
0.01%
Dogecoin(DOGE)
€0.170222
9.57%
Shiba Inu(SHIB)
€0.000011
7.01%
Pepe(PEPE)
€0.000011
16.11%
Peanut das Eichhörnchen(PNUT)
€0.246894
20.17%
Nach oben scrollen