Recent Apache Struts 2 Vulnerability in Attacker Crosshairs


Attackers have begun probing internet-accessible Apache Struts 2 instances affected by a recently discovered remote code execution (RCE) vulnerability.

A week ago, the Apache Software Foundation released patches for a critical-severity bug (tracked as CVE-2023-50164; CVSS score of 9.8) and advised users to apply them right away. In its advisory, the nonprofit stated that the problem lies in Struts’ file upload logic, which may enable path traversal. In some cases, this allows an attacker to achieve RCE by uploading a malicious file.

According to cybersecurity company Trend Micro, a security flaw in the /upload.action endpoint makes it possible for an attacker to alter the file upload parameters.
