Apache issues patches for critical Struts 2 RCE bug

Source: TheRegister

More details released after devs allowed weeks to apply fixes

We now know the remote code execution vulnerability in Apache Struts 2 disclosed back in November carries a near-maximum severity rating following the publication of the CVE.

According to the National Vulnerability Database, which published the CVE on Wednesday, Apache scored CVE-2024-53677 a 9.5 using the CVSSv4 framework while Tenable noted a 9.8 rating using CVSSv3 – take your pick. Considering remote attackers could exploit the vulnerability without requiring any privileges, combined with the high impact to system confidentiality, integrity, and availability, it's likely the Apache Foundation withheld the juiciest details to allow customers to upgrade to a safe version. ...and under some circumstances this can lead to uploading a malicious file which can be used to perform remote code execution.

Upgrading this mechanism isn't as easy as applying a simple update. Users will have to rewrite their actions to ensure compatibility with Action File Upload, but the alternative isn't acceptable. As Apache notes: "Using the old File Upload mechanism keeps you vulnerable to this attack."
