CVE-2023-50164: A Critical Vulnerability in Apache Struts
2023-12-19 20:34:31 Author: securityboulevard.com(查看原文) 阅读量:27 收藏

On December 7, 2023, Apache released a security advisory regarding CVE-2023-50164, a critical vulnerability in Apache Struts with CVSS score 9.8. Versions from 2.5.0 to 2.5.32 and 6.0.0 to 6.3.0 were affected. 

Apache Struts is a popular, free, open-source framework that is used in the creation of modern Java web applications for numerous commercial and open-source projects. Vulnerabilities in Struts have been popular targets for threat actors, such as the Equifax breach in 2017. Given its widespread distribution, any vulnerability in Apache Struts can become a matter of significant concern across various sectors.

By exploiting this vulnerability, attackers can manipulate file upload parameters, allowing for path traversal. Consequently, a malicious file can be uploaded, opening the door to a remote code execution (RCE).

Several proofs of concepts (POCs) were published on December 11, 2023. The Imperva Threat Research team created additional dedicated mitigations for this vulnerability, in addition to the existing rules and signatures, which are effective.

Over the past few days, we observed thousands of exploitation attempts, all of which were successfully thwarted by Imperva Cloud WAF, Imperva RASP, and Imperva WAF Gateway (customer-managed WAF). Most of the attempts originate from IP addresses in the United States and France. 

Most exploitation attempts were carried out by automated hacking tools written in the Go programming language. Web applications targeted in the exploitation were sourced from the United States, Australia, the Netherlands, and New Zealand. 

During an exploitation attempt, an attacker will craft a special request to upload malicious web shells, commonly in the formats of.JSP or .WAR files, to locations unintended for user-uploaded content, and not originally accessible, using path traversal techniques.

Despite having protection measures, we strongly advise customers to stay vigilant and ensure their systems are promptly updated with the latest security patches. As always, Imperva​​ Threat Research is monitoring the situation and will provide updates as new information emerges.

The post CVE-2023-50164: A Critical Vulnerability in Apache Struts appeared first on Blog.

*** This is a Security Bloggers Network syndicated blog from Blog authored by Muly Levy. Read the original post at: https://www.imperva.com/blog/cve-2023-50164-protecting-customers-from-a-critical-vulnerability-in-apache-struts/


文章来源: https://securityboulevard.com/2023/12/cve-2023-50164-a-critical-vulnerability-in-apache-struts/
如有侵权请联系:admin#unsafe.sh