Skip to main content
HashnodeFPT IS SecurityFPT IS Security

Command Palette

Search for a command to run...

Apache Struts Critical Vulnerability Alert: CVE-2024-53677

Updated
2 min read
Apache Struts Critical Vulnerability Alert: CVE-2024-53677
Đ
Đinh Văn Mạnh
Part of seriesNewsletters-eng

Introduction

Apache Struts is a popular open-source framework for Java-based web applications. It is widely used in enterprise environments due to its robust architecture and good integration with other technologies.

Recently, a critical security vulnerability was discovered in Struts' file upload mechanism, tracked with the code CVE-2024-53677. This vulnerability can lead to remote code execution (RCE), allowing attackers to perform malicious actions on the affected system.

Vulnerability Details

  • Vulnerability Code: CVE-2024-53677

  • CVSS Score: 9.5/10, indicating a high severity level.

  • Affected Versions: versions from 2.0.0 to 2.3.37 (end-of-life), 2.5.0 to 2.5.33, and 6.0.0 to 6.3.0.2.

  • Attack Mechanism: Attackers can perform a path traversal attack, allowing them to upload malicious files into restricted directories.

  • Consequences: Can lead to remote code execution, enabling attackers to run arbitrary code, steal sensitive data, or compromise the entire system.

Impact and Risk

  • Widespread Use: Apache Struts is used in many enterprise IT systems, controlling public portals, internal applications, and critical business processes.

  • Proof of Concept (PoC): Has been published, lowering the barrier for exploitation.

  • High Risk: The vulnerability can have extensive impacts, especially if exploited by malicious actors.

Recommendations

  • Apply Patch: Update to Struts version 6.4.0 or higher.

  • Switch Mechanism: Transition to a new file upload mechanism, which, although not backward compatible, is necessary for security and stability.

Conclusion

The CVE-2024-53677 vulnerability is a serious threat to businesses using Apache Struts. Organizations must urgently update to Struts 6.4.0 or higher to reduce risks and transition to the new file upload mechanism.

Relying on proactive detection and remediation strategies is essential for organizations to properly identify, prioritize, and address vulnerabilities. This is crucial to maintain the security and resilience of their application environments. Ignoring these steps could lead to severe consequences.

Tham Khảo

  1. Patch Alert: Critical Apache Struts Flaw Found, Exploitation Attempts Detected

  2. PoC: https://github.com/TAM-K592/CVE-2024-53677-S2-067

  3. New Critical RCE Vulnerability Discovered in Apache Struts 2 - Patch Now

  4. Critical Apache Struts File Upload Vulnerability (CVE-2024-53677)—Risks, Implications, and Enterprise Countermeasures

  5. Alert - CVE-2024-53677 - Vulnerability impacting Apache Struts 2

  6. CVE-2024–53677: A Critical Vulnerability in Apache Struts Exposing Over 83,000 Targets

#threat-intelligence#english#vulnerability#apache

Comments

Join the discussion

No comments yet. Be the first to comment.

Newsletters-eng

Part 1 of 50

More from this blog

F

FPT IS Security

761 posts

Dedicated to providing insightful articles on cybersecurity threat intelligence, aimed at empowering individuals and organizations to navigate the digital landscape safely.