AI DevwWrld CyberDSA Chatbot Summit Cyber Revolution Summit CYSEC Global Cyber Security & Cloud Expo World Series Digital Identity & Authentication Summit Asian Integrated Resort Expo Middle East Low Code No Code Summit TimeAI Summit

Critical RCE vulnerability discovered in Apache Struts 2: recommendations and fixes

Technical look at the RCE threat: details, implications and how to protect yourself

Hackers are attacking Apache Struts 2, which is vulnerable due to a Remote Code Execution (RCE) flaw. The vulnerability, known as CVE-2023-50164, allows an attacker to upload a malicious file, resulting in an attack. Struts users are advised to update to the correct version as soon as possible to avoid attacks.

This pill is also available in Italian language

Recently, attackers have targeted Apache Struts 2 installations exposed on the internet, which are vulnerable due to a newly disclosed Remote Code Execution (RCE) flaw. The vulnerability in question, identified as CVE-2023-50164 and with a CVSS score of 9.8, was revealed a week ago. The Apache Software Foundation has provided the corrective patches, urging users to apply them without delay.

Technical details of the vulnerability

The critical flaw lies in Struts' file upload logic: specifically, it could allow an attacker to perform a path traversal attack. This becomes possible when the attacker uploads a malicious file, resulting in an RCE. The flaw exists when you mishandle file upload parameters, allowing you to override an internal file name variable through the manipulation of case-insensitively addressed HTTP parameters, as explained by cybersecurity company Trend Micro.

Impact and method of attack

When loading a file, Struts generates a temporary file that is deleted after the data is written to the assigned path. However, if the temporary file exceeds a certain size, it is not deleted. Attackers exploit this behavior by checking the name of the temporary file to load a malicious payload. Once Struts processes HTTP request arguments, and they contain path traversal characters, security is bypassed.

Recommendations and protection

Security researchers from Trend Micro and other institutions such as Akamai, Malwarebytes, and the Shadowserver Foundation have observed attempts to exploit the flaw. However, it is noted that the large-scale attack is complex due to the difficulties of scanning and exploitation compared to previous vulnerabilities. Struts users are advised to update to a fixed version as soon as possible, as the flaw affects versions 2.0.0 to 2.3.37 (no longer supported), 2.5.0 to 2.5.32, and 6.0 .0 to 6.3.0. Corrective updates are available with Struts versions 2.5.33 and 6.3.0.2.

Follow us on Telegram for more pills like this

12/15/2023 11:16

Marco Verro

Last pills

Italy's success in cybersecurityHow Italy achieved excellence in global cybersecurity: strategies, collaborations, and international successes

IntelBroker alleged breach of Deloitte systemsServer exposed: how Deloitte's security may have been compromised by a cyber attack

Vo1d infections on Android TV boxes: how to protect your devicesLearn the essential measures to protect your Android TV boxes from the dreaded Vo1d malware and keep your devices safe from cyber threats

Hacker attack in Lebanon: Hezbollah under fireTechnological shock and injuries: cyber warfare hits Hezbollah in Lebanon