A severe security vulnerability in Apache Struts (CVE-2024-53677) is currently being targeted by threat actors. The flaw, rated 9.5 out of 10.0 on the CVSS scale, enables remote code execution through manipulated file upload parameters.
The vulnerability allows attackers to perform path traversal attacks and potentially upload malicious files, leading to unauthorized command execution, data theft, or deployment of additional malware. This flaw bears resemblance to a previous critical vulnerability (CVE-2023-50164) discovered in December 2023.
Affected Versions:
– Struts 2.0.0 – 2.3.37 (End-of-Life)
– Struts 2.5.0 – 2.5.33
– Struts 6.0.0 – 6.3.0.2
According to Dr. Johannes Ullrich from SANS Technology Institute, active exploitation attempts have been detected, primarily originating from IP address 169.150.226.162. These attempts currently focus on identifying vulnerable systems.
The vulnerability is particularly concerning as Apache Struts is widely used in corporate environments for critical business applications and public-facing portals, as noted by Qualys’s Saeed Abbasi.
Mitigation Steps:
1. Upgrade to Struts version 6.4.0 or higher
2. Implement the new Action File Upload mechanism
3. Update related interceptor configurations
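Steps 2 and 3 in practice, as an added example that is not from the article or the Struts project: a Struts 6.4.0 action that receives uploads through the new `UploadedFilesAware` callback and is wired to the `actionFileUpload` interceptor instead of the legacy `fileUpload` one. The class name, action name and upload directory are assumptions; the interceptor, parameter and interface names are Struts 6.4.0's.

```java
import com.opensymphony.xwork2.ActionSupport;
import java.io.IOException;
import java.nio.file.Files;
import java.nio.file.Path;
import java.nio.file.Paths;
import java.nio.file.StandardCopyOption;
import java.util.List;
import java.util.UUID;
import org.apache.struts2.action.UploadedFilesAware;
import org.apache.struts2.dispatcher.multipart.UploadedFile;

/* struts.xml (action name assumed): in the action's interceptor stack, replace the legacy
 * fileUpload interceptor with
 *   <interceptor-ref name="actionFileUpload"><param name="allowedExtensions">pdf,png</param></interceptor-ref>
 * followed by <interceptor-ref name="basicStack"/>, and map results "success" and "error". */
public class SecureUploadAction extends ActionSupport implements UploadedFilesAware {
    // Destination is fixed server-side; nothing in the request chooses the directory.
    private static final Path UPLOAD_DIR = Paths.get("/var/app/uploads"); // assumed path

    @Override
    public void withUploadedFiles(List<UploadedFile> uploadedFiles) {
        // Files arrive through this callback, so the action exposes no request-settable
        // file-name property that a client could point at another location.
        if (uploadedFiles.isEmpty()) {
            addActionError("no file received");
            return;
        }
        UploadedFile file = uploadedFiles.get(0);
        String original = file.getOriginalName() == null ? "" : file.getOriginalName();
        // Drop any directory component, then accept only a conservative "name.ext" form.
        String base = original.substring(Math.max(original.lastIndexOf('/'), original.lastIndexOf('\\')) + 1);
        if (!base.matches("[A-Za-z0-9_-]{1,64}\\.[A-Za-z0-9]{1,8}")) {
            addActionError("rejected file name");
            return;
        }
        // The server picks the stored name; the client's name survives only as a suffix.
        Path target = UPLOAD_DIR.resolve(UUID.randomUUID() + "-" + base);
        try {
            Files.copy(Paths.get(file.getAbsolutePath()), target, StandardCopyOption.REPLACE_EXISTING);
        } catch (IOException e) {
            addActionError("could not store file");
        }
    }

    @Override
    public String execute() {
        return hasActionErrors() ? ERROR : SUCCESS;
    }
}
```

The interceptor's `allowedExtensions` (and `maximumSize`, `allowedTypes`) parameters filter uploads before the callback runs; the name check in the action is an additional layer, not a replacement for upgrading.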