Cyber security news for all

More

    Urgent Advisory: Exploitation Attempts Uncover Severe Apache Struts Vulnerability

    Malicious actors are capitalizing on a freshly revealed security flaw affecting Apache Struts, enabling potential remote code execution under certain conditions.

    Designated as CVE-2024-53677, this critical vulnerability is assigned an alarming CVSS score of 9.5 out of 10.0, underscoring its severity. The flaw bears resemblance to a prior high-risk issue (CVE-2023-50164, CVSS score: 9.8) patched in December 2023, which saw active exploitation shortly after its disclosure.

    According to the Apache advisory, “Attackers can manipulate parameters in file uploads to traverse directories and, under specific scenarios, deploy a harmful file capable of facilitating remote code execution.”

    In simpler terms, successful exploitation could empower threat actors to upload arbitrary files to vulnerable environments, allowing them to execute commands, pilfer sensitive data, or deploy additional malicious payloads for extended exploitation.

    Affected Versions and Patches

    The following Apache Struts versions are vulnerable, with fixes available in Struts 6.4.0 and later:

    • Struts 2.0.0 – Struts 2.3.37 (End-of-Life)
    • Struts 2.5.0 – Struts 2.5.33
    • Struts 6.0.0 – Struts 6.3.0.2

    Root Cause and Early Exploitation Observations

    Dr. Johannes Ullrich, research dean at SANS Technology Institute, suggests that the flaw may stem from an incomplete resolution of CVE-2023-50164. Early-stage exploitation attempts align with publicly released proof-of-concept (PoC) scripts, indicating active reconnaissance in the wild.

    “Attackers are currently scanning systems to identify vulnerabilities,” Ullrich observed. “Their next step is locating the uploaded script. Thus far, these probes trace back to IP address 169.150.226[.]162.”

    Mitigation and Preventive Measures

    To shield systems from exploitation, it is strongly advised to:

    1. Update immediately to the latest version of Apache Struts (6.4.0 or higher).
    2. Refactor code to integrate the Action File Upload mechanism and associated interceptors.

    Broader Implications

    Saeed Abbasi, Threat Research Unit product manager at Qualys, emphasized the criticality of this issue:
    “Apache Struts underpins numerous enterprise IT infrastructures, driving customer portals, internal tools, and pivotal workflows. A flaw of this magnitude—such as CVE-2024-53677—could trigger extensive repercussions across industries.”

    Immediate action is imperative to mitigate the risk and prevent widespread exploitation.

    Recent Articles

    Related Stories