
Apache Struts 2 vulnerability found, as proof of concept circulates

A new vulnerability in the Struts 2 web application framework can potentially allow a remote attacker to execute code on systems running apps based on earlier versions of the software.

The vulnerability, announced this week by Apache, involves a potential attacker manipulating file upload parameters in what’s called a path traversal attack. Path traversal is a broad term, according to Akamai senior security researcher Sam Tinklenberg.

“In this case, the use of path traversals allows an attacker to upload a malicious file, most likely a webshell, outside of the normal upload directory,” he said. “The exact location will differ from application to application and must be a valid path which can be accessed from the internet.”

The flaw affects only older versions of the Struts 2 framework, and upgrading to versions 2.5.33, 6.3.0.2 or higher should eliminate the possibility of exploitation. It was first reported by researcher Steven Seeley.
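A way to find deployments that still need the upgrade, as an added example that is not from the article or from the Struts project: it walks a directory tree, including jars packed inside WAR and EAR files, and compares each Struts 2 core jar against the fixed release of its own line (a 6.0.0 jar is numerically "higher" than 2.5.33 but still predates 6.3.0.2). The jar naming pattern `struts2-core-<version>.jar` and the handling of release lines the article does not name are assumptions.

```python
import re
import zipfile
from pathlib import Path

# Fixed releases named in the article, keyed by release line (major version).
FIXED = {2: (2, 5, 33), 6: (6, 3, 0, 2)}

# Assumption: the framework jar uses the Maven name struts2-core-<version>.jar.
JAR_RE = re.compile(r"struts2-core-(\d+(?:\.\d+)*)(?:[-.][A-Za-z0-9]+)*\.jar$")


def parse_version(name):
    """Return the numeric version tuple from a jar file name, or None."""
    m = JAR_RE.search(name)
    return tuple(int(p) for p in m.group(1).split(".")) if m else None


def needs_upgrade(version):
    """True if `version` is older than the fixed release of its own line."""
    fixed = FIXED.get(version[0])
    if fixed is None:
        # Line not named in the article (assumption): anything below the
        # newest fixed line counts as outdated, anything above as newer.
        return version[0] < max(FIXED)
    width = max(len(version), len(fixed))
    pad = lambda v: v + (0,) * (width - len(v))
    return pad(version) < pad(fixed)


def jar_names(root):
    """Yield (location, jar name) for loose jars and jars inside WAR/EAR files."""
    for path in Path(root).rglob("*"):
        if not path.is_file():
            continue
        if path.suffix == ".jar":
            yield str(path), path.name
        elif path.suffix in (".war", ".ear") and zipfile.is_zipfile(path):
            with zipfile.ZipFile(path) as archive:
                for member in archive.namelist():
                    yield f"{path}!{member}", member.rsplit("/", 1)[-1]


def scan(root):
    """Return sorted (location, version, needs_upgrade) for each Struts 2 core jar."""
    hits = []
    for location, name in jar_names(root):
        version = parse_version(name)
        if version:
            hits.append((location, ".".join(map(str, version)), needs_upgrade(version)))
    return sorted(hits)
```

Call `scan("/path/to/deployments")` and treat every entry whose third field is `True` as needing the upgrade; jars that have been renamed or shaded into another artifact will not match the file name pattern.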

Struts’ maintainers at the Apache Software Foundation urged users to patch immediately, saying that the update is “a drop-in replacement, and upgrade should be straightforward.”


Adding urgency to the need to patch is the news that proof of concept code has been observed in the wild. A post from the Shadowserver Foundation, a nonprofit security organization that bills itself as a leading reporter and tracker of malicious internet activity, on X (formerly Twitter), said that PoC code has been seen on sensors.
