Attackers are actively exploiting a critical vulnerability in Apache Struts 2, the Internet Storm Center (ISC) reports. The vulnerability (CVE-2024-53677) allows remote code execution. Struts is a very popular open source framework for developing Java web applications and websites.
The vulnerability lets a remote attacker manipulate file upload parameters to perform path traversal and, in some cases, upload a malicious file, which can lead to remote code execution. The issue has been resolved in Struts 6.4.0. Last week, a security bulletin and update for CVE-2024-53677 appeared online, and proof-of-concept exploit code has appeared online as well. According to the ISC, the attacks now being observed are based on this code. No further details about the attacks are known.
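The bug class described above is a client-controlled upload name that carries path traversal sequences. The following is an added example, not code from the article or from the Struts project, of the defender-side check for that class: it assumes a conservative filename policy, a constructed upload-log format and constructed sample lines, and shows both the hardening (reject names that contain separators or fail the charset rule, then confirm the resolved path still lies inside the upload root) and a detection pass over log lines using the same rule.

```python
"""Added example (not from the article or the Struts project): validate a
client-supplied upload name and detect traversal attempts in upload logs.
Names, log format and sample values are constructed for this example."""
import os
import re
from urllib.parse import unquote

# Conservative filename charset (assumption for this example): no separators,
# no leading dot, no control characters, at most 255 characters.
_ALLOWED = re.compile(r"[A-Za-z0-9][A-Za-z0-9._-]{0,254}")


class UnsafeUploadName(ValueError):
    """Raised when a client-supplied filename must not be written as given."""


def sanitize_upload_name(client_name: str) -> str:
    """Validate a client-supplied upload name and return it unchanged.

    The name is rejected, not silently stripped, so that a traversal attempt
    surfaces as an error (and a log entry) instead of being quietly written
    under a different name. Percent-decoding happens first so that encoded
    separators are judged the same way as literal ones; both '/' and '\\'
    count as separators because the server may run on Windows.
    """
    name = unquote(client_name)
    if "/" in name or "\\" in name or "\x00" in name:
        raise UnsafeUploadName(f"separator or NUL in upload name: {client_name!r}")
    if not _ALLOWED.fullmatch(name):
        raise UnsafeUploadName(f"upload name fails charset policy: {client_name!r}")
    return name


def resolve_upload_path(upload_root: str, client_name: str) -> str:
    """Return the absolute path the upload may be written to, or raise.

    Defence in depth: after the name check, realpath() the result and confirm
    it is still inside upload_root, which also catches symlinked directories.
    """
    root = os.path.realpath(upload_root)
    target = os.path.realpath(os.path.join(root, sanitize_upload_name(client_name)))
    if os.path.commonpath([root, target]) != root:
        raise UnsafeUploadName(f"resolved path escapes upload root: {client_name!r}")
    return target


def is_unsafe_upload_name(client_name: str) -> bool:
    """True if sanitize_upload_name() would reject the name."""
    try:
        sanitize_upload_name(client_name)
    except UnsafeUploadName:
        return True
    return False


# Constructed log format for this example: '<timestamp> <client-ip> upload name="<name>"'.
_LOG_LINE = re.compile(r'^(\S+) (\S+) upload name="([^"]*)"')


def scan_upload_log(lines):
    """Return (timestamp, client_ip, name) for every upload whose name is unsafe."""
    flagged = []
    for line in lines:
        m = _LOG_LINE.match(line)
        if m and is_unsafe_upload_name(m.group(3)):
            flagged.append(m.groups())
    return flagged


SAMPLE_LOG = [  # constructed sample lines, not real traffic
    '2024-12-18T10:01:02Z 198.51.100.7 upload name="report.pdf"',
    '2024-12-18T10:01:09Z 203.0.113.5 upload name="../../../outside.txt"',
    '2024-12-18T10:01:15Z 203.0.113.5 upload name="..%2F..%2Foutside.txt"',
    '2024-12-18T10:02:40Z 198.51.100.7 upload name="photo.jpg"',
]

if __name__ == "__main__":
    for entry in scan_upload_log(SAMPLE_LOG):
        print("flagged:", entry)
```

Rejecting rather than stripping is a deliberate choice: a sanitiser that quietly turns `../../x` into `x` hides the attempt from the people watching the logs, whereas a rejection is both a mitigation and a detection signal.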
Vulnerabilities in Apache Struts have been exploited in attacks before. Last December, another vulnerability (CVE-2023-50164) was actively exploited, and in 2017 attackers stole the data of more than 147 million Americans from the US credit bureau Equifax via a critical Struts vulnerability.
In short:

| Item | Detail |
|---|---|
| Vulnerability | CVE-2024-53677 in Apache Struts 2 |
| Type of attack | Remote code execution |
| Impact | Allows malicious file uploads via path traversal |
| Fix | Resolved in Struts 6.4.0 |
| Historical context | Similar vulnerabilities have led to high-profile attacks in the past |