Menace actors are trying to take advantage of a lately disclosed security flaw impacting Apache Struts that might pave the way in which for distant code execution.
The problem, tracked as CVE-2024-53677, carries a CVSS rating of 9.5 out of 10.0, indicating crucial severity. The vulnerability shares similarities with one other crucial bug the venture maintainers addressed in December 2023 (CVE-2023-50164, CVSS rating: 9.8), which additionally got here underneath energetic exploitation shortly after public disclosure.
“An attacker can manipulate file add params to allow paths traversal and underneath some circumstances this will result in importing a malicious file which can be utilized to carry out Distant Code Execution,” in keeping with the Apache advisory.
In different phrases, profitable exploitation of the flaw might permit a malicious actor to add arbitrary payloads to prone cases, which might then be leveraged to run instructions, exfiltrate knowledge, or obtain further payloads for follow-on exploitation.
The vulnerability impacts the next variations, and has been patched in Struts 6.4.0 or higher –
- Struts 2.0.0 – Struts 2.3.37 (Finish-of-Life),
- Struts 2.5.0 – Struts 2.5.33, and
- Struts 6.0.0 – Struts 6.3.0.2
Dr. Johannes Ullrich, dean of analysis for SANS Expertise Institute, mentioned that an incomplete patch for CVE-2023-50164 could have led to the brand new downside, including exploitation makes an attempt matching the publicly-released proof-of-concept (PoC) have been detected within the wild.
“At this level, the exploit makes an attempt are trying to enumerate weak methods,” Ullrich famous. “Subsequent, the attacker makes an attempt to seek out the uploaded script. Up to now, the scans originate solely from 169.150.226[.]162.”
To mitigate the danger, customers are really useful to improve to the most recent model as quickly as attainable and rewrite their code to make use of the brand new Motion File Add mechanism and associated interceptor.
“Apache Struts sits on the coronary heart of many company IT stacks, driving public-facing portals, inside productiveness purposes, and demanding enterprise workflows,” Saeed Abbasi, product supervisor of Menace Analysis Unit at Qualys, mentioned. “Its reputation in high-stakes contexts implies that a vulnerability like CVE-2024-53677 might have far-reaching implications.”
