Threat actors are attempting to exploit a recently disclosed security flaw affecting Apache Struts that could open the way for remote code execution.
The issue, tracked as CVE-2024-53677, has a CVSS score of 9.5 out of 10.0, indicating critical severity. It is similar to another critical bug that the project's developers fixed in December 2023 (CVE-2023-50164, CVSS score: 9.8), which also came under active exploitation shortly after public disclosure.
“An attacker could manipulate file download parameters to allow path traversal, and under some circumstances this could lead to the download of a malicious file that could be used to execute remote code,” Apache said in an advisory.
In other words, successful exploitation of the flaw could allow an attacker to download arbitrary payloads to vulnerable instances, which could then be used to execute commands, steal data, or download additional payloads for later use.
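To make the path traversal concrete from the defender's side, here is an added Python example (not code from the Struts project or from the article): the unsafe pattern of joining a client-supplied filename onto an upload directory, beside a hardened resolver that rejects separators and re-checks containment after resolution. The upload root and the sample filenames are constructed for the demonstration.

```python
import os
import tempfile
from pathlib import Path

# Constructed upload root for the demonstration (a fresh temp directory).
UPLOAD_ROOT = Path(tempfile.mkdtemp(prefix="upload_demo_"))


def naive_escapes(client_filename: str) -> bool:
    """The unsafe pattern: join the raw client parameter onto the upload
    root and trust the result. Returns True when the resolved path lands
    outside the upload root, i.e. when traversal succeeded."""
    root = UPLOAD_ROOT.resolve()
    target = Path(os.path.join(root, client_filename)).resolve()
    return target.parent != root


def resolve_upload_path(upload_root: Path, client_filename: str) -> Path:
    """Return the on-disk path for a client-supplied filename, or raise.
    Rejects anything that is not a single plain filename, then confirms
    after resolution that the target still sits directly under upload_root.
    Backslashes are rejected too, so Windows-style traversal is caught even
    when the server itself runs on a POSIX host."""
    if not client_filename or "\x00" in client_filename:
        raise ValueError("empty or NUL-containing filename")
    if "/" in client_filename or "\\" in client_filename:
        raise ValueError("path separators are not allowed in a filename")
    if client_filename in (".", ".."):
        raise ValueError("filename must name a file, not a directory entry")
    root = upload_root.resolve()
    candidate = (root / client_filename).resolve()
    if candidate.parent != root:  # belt-and-braces containment check
        raise ValueError(f"path escapes upload root: {client_filename!r}")
    return candidate


def try_resolve(client_filename: str) -> str:
    """Demo helper: 'ok:<name>' when accepted, 'rejected' otherwise."""
    try:
        return "ok:" + resolve_upload_path(UPLOAD_ROOT, client_filename).name
    except ValueError:
        return "rejected"


if __name__ == "__main__":
    # Constructed sample filenames: one benign, the rest traversal attempts.
    for name in ["report.pdf", "../../other_dir/test.jsp",
                 "..\\..\\test.jsp", "/etc/passwd", ".."]:
        print(f"{name!r:32} naive_escapes={naive_escapes(name)!s:5} "
              f"hardened={try_resolve(name)}")
```

On a POSIX host the naive join does not escape for the backslash sample, which is exactly why the hardened version rejects backslashes explicitly rather than relying on the containment check alone.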
The vulnerability affects the following versions and was fixed in Struts 6.4.0 or higher –
- Struts 2.0.0 – Struts 2.3.37 (End of Life),
- Struts 2.5.0 – Struts 2.5.33 and
- Struts 6.0.0 – Struts 6.3.0.2
Dr. Johannes Ullrich, dean of research at the SANS Technology Institute, said that an incomplete patch for CVE-2023-50164 may have led to the new problem, adding that exploit attempts matching the publicly released proof-of-concept (PoC) have been detected in the wild.
“At the moment, exploit attempts are trying to enumerate vulnerable systems,” Ullrich noted. “Next, the attacker tries to find the downloaded script. So far, scans come only from 169.150.226(.)162.”
To reduce the risk, users are advised to upgrade to the latest version as soon as possible and to rewrite their code to use the new Action file download mechanism and its associated interceptor.
“Apache Struts is at the heart of many enterprise IT stacks, powering public portals, internal productivity applications, and critical business workflows,” said Saeed Abbasi, Product Manager, Threat Research, Qualys. “Its popularity in high-stakes contexts means that a vulnerability like CVE-2024-53677 can have far-reaching consequences.”