Critical RCE vulnerability discovered in Apache Struts 2: recommendations and fixes
Technical look at the RCE threat: details, implications and how to protect yourself
Hackers are attacking Apache Struts 2 installations that are vulnerable to a Remote Code Execution (RCE) flaw. The vulnerability, tracked as CVE-2023-50164, allows an attacker to upload a malicious file and achieve code execution. Struts users are advised to update to a fixed version as soon as possible.
Recently, attackers have targeted internet-exposed Apache Struts 2 installations that are vulnerable to a newly disclosed Remote Code Execution (RCE) flaw. The vulnerability, identified as CVE-2023-50164 and rated with a CVSS score of 9.8, was disclosed a week ago. The Apache Software Foundation has released corrective patches and urges users to apply them without delay.
Technical details of the vulnerability
The critical flaw lies in Struts' file upload logic: it can allow an attacker to perform a path traversal attack. This becomes possible when the attacker uploads a malicious file, resulting in RCE. The flaw stems from mishandled file upload parameters: by manipulating HTTP parameters that are addressed case-insensitively, an attacker can override an internal file name variable, as explained by cybersecurity company Trend Micro.
Impact and method of attack
When a file is uploaded, Struts creates a temporary file that is deleted after the data is written to the assigned path. However, if the temporary file exceeds a certain size, it is not deleted. Attackers exploit this behavior, using the name of the temporary file to place a malicious payload. When Struts processes HTTP request arguments that contain path traversal characters, the security check is bypassed.
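The two conditions described above (a multipart field that duplicates another field's name except for letter case, and a file name or value carrying a path traversal sequence) are what a defender would look for in upload traffic while the patch is rolled out. The following is an added example written for this article, not code from Trend Micro, Apache Struts or the attackers; it uses only the Python standard library's email parser to walk a multipart/form-data body and does not model Struts' real internal parameter names, which are assumed here as the constructed field name `upload`. The sample request bodies are constructed for the example.

```python
import re
from email.parser import BytesParser
from email.policy import default

# A ".." path segment bounded by a slash, a backslash or the string ends.
TRAVERSAL = re.compile(r"(^|[\\/])\.\.([\\/]|$)")


def parse_multipart(body: bytes, boundary: str) -> list:
    """Split a multipart/form-data body into (field_name, filename, value) tuples.

    The body is wrapped in a minimal MIME header so the standard-library
    email parser can walk the parts; no framework or network code is involved.
    """
    raw = (b"Content-Type: multipart/form-data; boundary=" + boundary.encode()
           + b"\r\n\r\n" + body)
    msg = BytesParser(policy=default).parsebytes(raw)
    parts = []
    for part in msg.iter_parts():
        name = part.get_param("name", header="content-disposition")
        filename = part.get_filename()
        value = part.get_payload(decode=True) or b""
        parts.append((name, filename, value))
    return parts


def find_upload_anomalies(parts: list) -> list:
    """Return (kind, field_name) findings for a parsed multipart request.

    kind is "case_variant_field" when two fields share a name except for case
    (the override path the article describes), or "path_traversal" when a
    file name or field value contains a ".." segment.
    """
    findings = []
    seen = {}  # lower-cased field name -> first spelling seen
    for name, filename, value in parts:
        if name is None:
            continue
        key = name.lower()
        if key in seen and seen[key] != name:
            findings.append(("case_variant_field", name))
        seen.setdefault(key, name)
        text_value = value.decode("utf-8", "replace").strip()
        for candidate in (filename, text_value):
            if candidate and TRAVERSAL.search(candidate):
                findings.append(("path_traversal", name))
    return findings


BOUNDARY = "constructed-boundary"

# Constructed benign upload: one file field, nothing unusual.
BENIGN_BODY = (
    b"--constructed-boundary\r\n"
    b'Content-Disposition: form-data; name="upload"; filename="report.pdf"\r\n'
    b"Content-Type: application/pdf\r\n\r\n"
    b"%PDF-1.4 sample bytes\r\n"
    b"--constructed-boundary--\r\n"
)

# Constructed suspicious upload: a second field whose name differs from the
# first only by case, and whose value carries a traversal sequence.
SUSPICIOUS_BODY = (
    b"--constructed-boundary\r\n"
    b'Content-Disposition: form-data; name="upload"; filename="report.pdf"\r\n'
    b"Content-Type: application/pdf\r\n\r\n"
    b"%PDF-1.4 sample bytes\r\n"
    b"--constructed-boundary\r\n"
    b'Content-Disposition: form-data; name="UPLOAD"\r\n\r\n'
    b"../../outside/upload.dir\r\n"
    b"--constructed-boundary--\r\n"
)


def scan(body: bytes) -> list:
    """Parse and scan one request body; convenience wrapper for log tooling."""
    return find_upload_anomalies(parse_multipart(body, BOUNDARY))


if __name__ == "__main__":
    print("benign:", scan(BENIGN_BODY))
    print("suspicious:", scan(SUSPICIOUS_BODY))
```

The two heuristics are deliberately independent: a case-variant duplicate is suspicious even without traversal characters, and a traversal sequence in a file name is worth flagging regardless of how the field is named. Either finding alone is enough to route the request to review or to a WAF block rule during the patch window.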
Recommendations and protection
Security researchers from Trend Micro and from other organizations such as Akamai, Malwarebytes, and the Shadowserver Foundation have observed attempts to exploit the flaw. However, they note that large-scale exploitation is harder than for previous vulnerabilities because of the difficulty of scanning for and exploiting it. Struts users are advised to update to a fixed version as soon as possible, as the flaw affects versions 2.0.0 to 2.3.37 (no longer supported), 2.5.0 to 2.5.32, and 6.0.0 to 6.3.0. Corrective updates are available in Struts versions 2.5.33 and 6.3.0.2.
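For an inventory sweep it helps to have the affected ranges above encoded as a numeric comparison rather than a string one, because "2.5.4" sorts after "2.5.32" lexicographically but is inside the affected range, and "6.3.0.2" is the fix while "6.3.0" is affected. The following is an added example written for this article, not an Apache tool; the ranges and fixed versions come from the paragraph above, and any version string outside those ranges is reported as not affected simply because the article lists no other range.

```python
import re

# Affected ranges as stated in the article, inclusive at both ends.
AFFECTED_RANGES = [
    ((2, 0, 0), (2, 3, 37)),   # no longer supported
    ((2, 5, 0), (2, 5, 32)),
    ((6, 0, 0), (6, 3, 0)),
]

# Fixed releases named in the article, keyed by major version.
FIXED_RELEASE = {2: "2.5.33", 6: "6.3.0.2"}


def parse_version(text: str) -> tuple:
    """Turn a version string such as '6.3.0.2' into a tuple of ints.

    Any suffix after the dotted numeric part (e.g. '-SNAPSHOT') is ignored.
    """
    match = re.match(r"\s*(\d+(?:\.\d+)*)", text)
    if not match:
        raise ValueError(f"not a version string: {text!r}")
    return tuple(int(piece) for piece in match.group(1).split("."))


def _pad(version: tuple, width: int) -> tuple:
    """Right-pad with zeros so '6.3.0' and '6.3.0.2' compare component-wise."""
    return version + (0,) * (width - len(version))


def is_affected(text: str) -> bool:
    """True if the version falls inside one of the affected ranges."""
    version = parse_version(text)
    for low, high in AFFECTED_RANGES:
        width = max(len(version), len(low), len(high))
        if _pad(low, width) <= _pad(version, width) <= _pad(high, width):
            return True
    return False


def recommended_fix(text: str):
    """Fixed release to move to, or None when the version is not affected."""
    if not is_affected(text):
        return None
    return FIXED_RELEASE[parse_version(text)[0]]


def triage(inventory: dict) -> dict:
    """Map host -> (affected?, fix) for a {host: version} inventory."""
    return {host: (is_affected(v), recommended_fix(v)) for host, v in inventory.items()}


if __name__ == "__main__":
    # Constructed inventory for the example.
    sample = {"app-01": "2.5.4", "app-02": "6.3.0", "app-03": "6.3.0.2", "legacy": "2.3.37"}
    for host, (affected, fix) in triage(sample).items():
        print(host, "AFFECTED -> upgrade to " + fix if affected else "ok")
```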
12/15/2023 11:16
Marco Verro