Critical Apache Struts Vulnerability Targeted by Hackers Using Public Proof-of-Concept

December 13, 2023

Hackers have begun to exploit a recently resolved critical vulnerability in Apache Struts, an open-source web application framework. The flaw, known as CVE-2023-50164, enables remote code execution (RCE) and is being exploited using publicly accessible proof-of-concept (PoC) exploit code. According to the Shadowserver scanning platform, a limited number of IP addresses have been observed attempting to exploit the vulnerability.

Apache Struts is known for its efficiency in developing scalable, reliable, and easily maintainable web applications, making it a popular choice across various industries in both the private and public sectors, including government organizations. The vulnerability in question, a path traversal flaw, was addressed on December 7 when Apache released Struts versions and 2.5.33. If certain conditions are met, this security issue can be exploited, allowing an attacker to upload malicious files and achieve RCE on the targeted server.

A threat actor exploiting this vulnerability could alter sensitive files, steal data, disrupt essential services, or move laterally within the network. This could result in unauthorized access to web servers, manipulation or theft of sensitive data, disruption of critical services, and lateral movement within compromised networks. The RCE vulnerability affects Struts versions 2.0.0 through 2.3.37 (end of life), Struts 2.5.0 through 2.5.32, and Struts 6.0.0 up to 6.3.0.

A security researcher published a technical write-up for CVE-2023-50164 on December 10, detailing how a threat actor could tamper with file upload parameters in attacks. Another write-up, which includes exploit code for the flaw, was published subsequently.

In a security advisory, Cisco stated that it is investigating CVE-2023-50164 to ascertain which of its products with Apache Struts could be affected and to what degree. The Cisco products under review include the Customer Collaboration Platform, Identity Services Engine (ISE), Nexus Dashboard Fabric Controller (NDFC), Unified Communications Manager (Unified CM), Unified Contact Center Enterprise (Unified CCE), and Prime Infrastructure. Cisco's security bulletin, which is expected to be updated with new information, contains a complete list of potentially affected products.

Latest News

Like what you see?

Get a digest of headlines, vulnerabilities, risk context, and more delivered to your inbox.

Subscribe Below

By submitting this form, you’re giving us permission to email you. You may unsubscribe at any time.

Accelerate Security Teams

Continuously identify and prioritize the risks that are most critical in your environment, and validate that your remediation efforts are reducing risk. An always-on single source-of-truth of your assets, services, and vulnerabilities.