Generic selectors
Exact matches only
Search in title
Search in content
Post Type Selectors
Close Menu
Latest News
Human Rights Watch argues for Westernization of Saudi ArabiaSevan Island beaches: Armenia’s “Blue Pearl” is ready to receive vacationersWhat I learned about change management while renovating my homeShane Negrinжавахкская диаспора России призывает власти урегулировать проблWWE: Resultados Smackdown Live 19 dezembro – Impacto GlobalWhatsapp latest status | Sebugiমানবতাবিরোধী অপরাধের বিচারপ্রক্রিয়া থেমে Parameters | Spring 2023 > U.S. Military War CollegeChina’s future military capabilities > U.S. Army War CollegeThe American and the Dragon: Confederate War Lessons from the Boxer Rebellion > U.S. Military War CollegeCaribbean Security Challenges: Threats, Migration, and International Cooperation > U.S. Military War CollegeWe don’t really know which NATO allies are stepping up. > U.S. Military War CollegeNATO national defense demands improvements on the Eastern Front > U.S. Army War CollegeAnnual Forecast of the Strategic Security Environment for 2023 > U.S. Military War CollegeParameters | Winter 2023-24 > U.S. Military War CollegeDeterring war without threatening war: Repairing the West’s risk-averse approach to deterrence > U.S. Army War ColHigh North International Competition: Kingston Conference on International Security 2022 > U.S. Military War CollegeParameters | Spring 2024 > U.S. Military War CollegeResearch Handbook on NATO “Collective Defense” > U.S. Military War CollegeEmerging Technologies and Terrorism: An American Perspective > U.S. Military War CollegeArgentina: Security Challenges and the Government Response > US Army War CollegeBook Review: Thank You for Your Service: The Causes and Consequences of Public Confidence in the U.S. Military > U.S. ArActive on both sides of the U.S.-China conflict > U.S. Army War CollegeParameters | Summer 2024 > U.S. Military War CollegeA Call to Action: Lessons from Ukraine for Future Military > U.S. Military War CollegeComments Isn’t it safe?Lieutenant General Robert C. Richardson, Jr.: Commander, Central Pacific Theater Army, Admiral Chester W. Nimitz 1943-19Annual Forecast of the Strategic Security Environment for 2024 > U.S. Army War CollegeNATO’s 75th Anniversary Strategic Concept > U.S. Military War CollegeDurdum Sustum GülümsedimDeneme Günlüğü | Donanim Harbor ForumSatellites in the Russia-Ukraine War > U.S. Military War CollegeParameters | Fall 2024 > U.S. Military War CollegeThe Growing Significance of China-Russia Defense Cooperation > US Army War College
Avice Intelligence and Security

Apache Struts 2 RCE Attack | Outbreak Alert

chief editorBy No Comments2 Mins Read


Open-source Web Application Framework Targeted

FortiGuard Labs has detected on-going exploit attempts targeting a recently patched Apache Struts 2 vulnerability. Attackers can manipulate file upload parameters to enable path traversal, potentially leading to malicious file upload. This may result in Remote Code Execution, allowing attackers to run arbitrary code, steal data, or compromise entire systems. Learn More »

Background

The vulnerability, CVE-2024-53677, is seemingly related to CVE-2023-50164 suggesting that incomplete patches may have contributed to the newly discovered flaw. Back in Dec, 2023, FortiGuard Labs warned about (CVE-2023-50164) by releasing a Threat Signal report: https://www.fortiguard.com/threat-signal-report/5356

According to the vendor advisory, this change isn’t backward compatible and users must start using the new Action File Upload mechanism and related interceptor and using the old File Upload mechanism keeps you vulnerable to this attack.

Apache Struts 2, is an open-source framework for building Java-based web applications used in many enterprise for creating scalable and robust web applications, given its widespread use in enterprise applications, unpatched systems are high-value targets, increasing the risk of breaches and operational disruption.

Latest Development

Recent news and incidents related to cybersecurity threats encompassing various
events such as data breaches, cyber-attacks, security incidents, and vulnerabilities discovered.

Users are strongly advised upgrade at least to Struts 6.4.0 (or the latest version) and migrate to the new file upload mechanism.

FortiGuard Cybersecurity Framework

Mitigate security threats and vulnerabilities by leveraging the range of FortiGuard Services.

Threat Intelligence

Information gathered from analyzing ongoing cybersecurity events including threat actors,
their tactics, techniques, and procedures (TTPs), indicators of compromise (IOCs), malware and related
vulnerabilities.

Loading …

Currently being processed

References

Sources of information in support and relation to this Outbreak and vendor.



Source link

Branding Banner 728x90

Trusted source for breaking news and journalism. Avice News Trust is a leading media organization dedicated to delivering reliable news coverage and journalism. As a digital news platform, we focus on breaking news, current events, and in-depth news reporting. Our commitment to media trust ensures our audience receives accurate and timely updates. Explore a wide range of news articles and stay informed with Avice News Trust, your dependable news network.

Related Posts

Add A Comment
Leave A Reply