
Critical RCE vulnerability discovered in Apache Struts 2: recommendations and fixes

Technical look at the RCE threat: details, implications and how to protect yourself

Hackers are attacking Apache Struts 2 installations affected by a Remote Code Execution (RCE) flaw. The vulnerability, tracked as CVE-2023-50164, allows an attacker to upload a malicious file, which can lead to remote code execution. Struts users are advised to update to a fixed version as soon as possible to avoid attacks.


Recently, attackers have targeted Apache Struts 2 installations exposed on the internet, which are vulnerable due to a newly disclosed Remote Code Execution (RCE) flaw. The vulnerability in question, identified as CVE-2023-50164 and with a CVSS score of 9.8, was revealed a week ago. The Apache Software Foundation has provided the corrective patches, urging users to apply them without delay.

Technical details of the vulnerability

The critical flaw lies in Struts' file upload logic: it could allow an attacker to perform a path traversal attack and, by uploading a malicious file, achieve RCE. As explained by cybersecurity company Trend Micro, the flaw stems from the mishandling of file upload parameters: by manipulating HTTP parameters, which are addressed case-insensitively, an attacker can override an internal file name variable.

Impact and method of attack

When a file is uploaded, Struts generates a temporary file that is deleted after the data is written to the assigned path. However, if the temporary file exceeds a certain size, it is not deleted. Attackers exploit this behavior by controlling the name of the temporary file in order to upload a malicious payload. When the HTTP request parameters that Struts processes contain path traversal characters, the security checks are bypassed.
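A triage heuristic for the two request traits described above (parameter names that differ only by case, and path traversal characters in upload parameters), given as an added example that is not from the article or from Apache Struts. The function names, the boundary `XYZ` and the sample requests are constructed for illustration.

```python
import email
from urllib.parse import unquote

def parse_parts(content_type, body):
    """Return (name, filename, value) for each part of a multipart/form-data body."""
    msg = email.message_from_bytes(
        b"Content-Type: " + content_type.encode() + b"\r\n\r\n" + body)
    if not msg.is_multipart():
        return []
    parts = []
    for part in msg.get_payload():
        name = part.get_param("name", header="content-disposition")
        value = (part.get_payload(decode=True) or b"").decode("latin-1").strip()
        parts.append((name, part.get_filename(), value))
    return parts

def has_traversal(text):
    # Decode twice so percent-encoded and double-encoded separators are caught.
    decoded = unquote(unquote(text or ""))
    return "../" in decoded or "..\\" in decoded

def inspect_upload(content_type, body):
    """Return findings for one upload request (empty list means nothing flagged)."""
    findings, seen = [], {}
    for name, filename, value in parse_parts(content_type, body):
        key = (name or "").lower()
        if key in seen and seen[key] != name:
            findings.append(f"case-variant names: {seen[key]} / {name}")
        seen.setdefault(key, name)
        if has_traversal(filename):
            findings.append(f"traversal in filename of part {name}")
        if filename is None and has_traversal(value):
            findings.append(f"traversal in field {name}")
    return findings

def _form(*parts):
    # Build a constructed multipart body from (name, filename, value) tuples.
    out = b""
    for name, filename, value in parts:
        disp = f'form-data; name="{name}"' + (f'; filename="{filename}"' if filename else "")
        out += f"--XYZ\r\nContent-Disposition: {disp}\r\n\r\n{value}\r\n".encode()
    return out + b"--XYZ--\r\n"

CT = "multipart/form-data; boundary=XYZ"
# Constructed sample requests, not captured traffic.
BENIGN = _form(("attachment", "report.pdf", "%PDF-1.7"), ("comment", None, "Q3 figures"))
SUSPECT = _form(("attachment", "report.pdf", "%PDF-1.7"),
                ("Attachment", None, "x"), ("comment", None, "..%2f..%2fnotes.txt"))
```

A hit is a reason to review the request and the server's upload directories; it does not replace updating Struts.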

Recommendations and protection

Security researchers from Trend Micro and other institutions such as Akamai, Malwarebytes, and the Shadowserver Foundation have observed attempts to exploit the flaw. However, they note that large-scale attacks are complex because scanning and exploitation are more difficult than with previous vulnerabilities. Struts users are advised to update to a fixed version as soon as possible, as the flaw affects versions 2.0.0 to 2.3.37 (no longer supported), 2.5.0 to 2.5.32, and 6.0.0 to 6.3.0. Corrective updates are available with Struts versions 2.5.33 and 6.3.0.2.


12/15/2023 11:16

Editorial AI
