Threat actors are attempting to exploit Apache Struts vulnerability CVE-2024-53677

Share:

Researchers warn that threat actors are attempting to exploit a recently disclosed Apache Struts vulnerability CVE-2024-53677.

Researchers warn that threat actors are attempting to exploit the vulnerability CVE-2024-53677 (CVSS score of 9.5) in Apache Struts. A remote attacker could exploit this vulnerability to upload malicious files, potentially leading to arbitrary code execution.

“An attacker can manipulate file upload params to enable paths traversal and under some circumstances this can lead to uploading a malicious file which can be used to perform Remote Code Execution.” reads the advisory published by Apache.

The vulnerability impacts the following software versions:

  • Struts 2.0.0 through Struts 2.3.37 (EOL)
  • Struts 2.5.0 through Struts 2.5.33 (EOL)
  • Struts 6.0.0 through Struts 6.3.0.2

SANS Technology senior researcher Dr. Johannes Ullrich explained that the vulnerability allows attackers to achieve path traversal and remote code execution via file upload exploitation. The expert explained that the root cause of the issue is an incomplete fix for another vulnerability tracked as CVE-2023-50164.

The researcher also confirmed that threat actors are actively exploiting a publicly-released proof-of-concept (PoC) code.

“The vulnerability, CVE-2024-53677, appears to be related to CVE-2023-50164. The older vulnerability is similar, and an incomplete patch may have led to the newer issue.” wrote Ullrich. “PoC exploits have been released (see, for example, [2]). And we are seeing active exploit attempts for this vulnerability that match the PoC exploit code.”

Users are recommended to upgrade to the latest version Struts 6.4.0 or greater and use Action File Upload Interceptor.

Source

Leave a Comment

Your email address will not be published. Required fields are marked *

loader-image
London, GB
12:53 am, Jul 2, 2025
weather icon 21°C
L: 20° | H: 22°
scattered clouds
Humidity: 75 %
Pressure: 1015 mb
Wind: 7 mph NNE
Wind Gust: 0 mph
UV Index: 0
Precipitation: 0 mm
Clouds: 33%
Rain Chance: 0%
Visibility: 10 km
Sunrise: 4:48 am
Sunset: 9:20 pm
DailyHourly
Daily ForecastHourly Forecast
Today 10:00 pm
weather icon
20° | 22°°C 0.38 mm 38% 11 mph 79 % 1022 mb 0 mm/h
Tomorrow 10:00 pm
weather icon
14° | 26°°C 0 mm 0% 13 mph 55 % 1028 mb 0 mm/h
Fri Jul 04 10:00 pm
weather icon
15° | 26°°C 0 mm 0% 12 mph 57 % 1028 mb 0 mm/h
Sat Jul 05 10:00 pm
weather icon
15° | 25°°C 1 mm 100% 15 mph 89 % 1022 mb 0 mm/h
Sun Jul 06 10:00 pm
weather icon
14° | 19°°C 1 mm 100% 13 mph 81 % 1012 mb 0 mm/h
Today 1:00 am
weather icon
20° | 21°°C 0 mm 0% 5 mph 75 % 1015 mb 0 mm/h
Today 4:00 am
weather icon
18° | 20°°C 0 mm 0% 6 mph 76 % 1015 mb 0 mm/h
Today 7:00 am
weather icon
18° | 19°°C 0.2 mm 20% 5 mph 79 % 1016 mb 0 mm/h
Today 10:00 am
weather icon
21° | 21°°C 0.2 mm 20% 6 mph 71 % 1017 mb 0 mm/h
Today 1:00 pm
weather icon
19° | 19°°C 0.38 mm 38% 4 mph 69 % 1018 mb 0 mm/h
Today 4:00 pm
weather icon
23° | 23°°C 0.35 mm 35% 6 mph 41 % 1019 mb 0 mm/h
Today 7:00 pm
weather icon
23° | 23°°C 0.01 mm 1% 11 mph 28 % 1020 mb 0 mm/h
Today 10:00 pm
weather icon
18° | 18°°C 0 mm 0% 10 mph 34 % 1022 mb 0 mm/h
Name Price24H (%)
Bitcoin(BTC)
€89,303.86
-1.52%
Ethereum(ETH)
€2,030.01
-3.68%
Tether(USDT)
€0.85
-0.01%
XRP(XRP)
€1.84
-3.29%
Solana(SOL)
€124.13
-5.50%
USDC(USDC)
€0.85
0.00%
Dogecoin(DOGE)
€0.133204
-4.74%
Shiba Inu(SHIB)
€0.000009
-2.32%
Pepe(PEPE)
€0.000008
-5.46%
Scroll to Top