A recently patched security flaw in Apache Struts 2, a widely used Java web application framework, is being exploited by attackers using publicly available proof-of-concept code. The vulnerability, rated 9.5 out of 10 on the CVSS risk scale, affects multiple versions of Struts and could allow attackers to manipulate file uploads, potentially leading to remote code execution and data breaches. Security researchers warn that this vulnerability could have significant consequences for organizations relying on Struts.
A critical security hole in Apache Struts 2, patched last week, is now being exploited using publicly available proof-of-concept code.
Struts is a Java-based web application framework widely used by large enterprises and government agencies. Bugs in this open-source project do not tend to end well — remember the, it received a 9.5 out of 10 CVSS risk rating, and it affects Struts versions 2.0.0 to 2.3.37, 2.5.0 to 2.5.33, and 6.0.0 to 6.3.0.2.
Applications that don't use Struts' File Upload Interceptor component, which was deprecated in version 6.4.0 and removed entirely in 7.0.0, are safe. Attackers can exploit this bug to manipulate file upload parameters and enable path traversal. This can be abused to upload malicious files into restricted directories and can lead to remote code execution under certain conditions. in its advisory, "a vulnerability like CVE-2024-53677 could have far-reaching implications" such as loss of sensitive data, complete system compromise.
And now, according to infosec education outfit SANS’s dean of research Johannes Ullrich, attackers are actively trying to exploit this vulnerability using Or at least, the exploit attempts are "inspired" by this bug as there are at least two vulnerabilities that could be targeted using this code, he added., which Apache fixed in December 2023.