CVE-2023-50164: Critical RCE vulnerability in the popular Apache Struts 2 web framework

Brother
Professional
Versions from 2.0.0 to 2.5.32 and from 6.0.0 to 6.3.0.1 are affected. You need to update as soon as possible.

Apache has released fixes for a critical vulnerability in the popular open-source web framework Apache Struts 2, tracked as CVE-2023-50164, which can lead to remote code execution (RCE). The discovery of the vulnerability is credited to bug hunter Steven Seeley of Source Incite.

CVE-2023-50164 allows attackers to manipulate file upload parameters, which can lead to path traversal and the upload of a malicious file that is then used for remote code execution. Further details about the vulnerability have not yet been disclosed.

The issue affects Apache Struts versions 2.0.0 to 2.5.32 and 6.0.0 to 6.3.0.1. The fix is included starting with versions 2.5.33 and 6.3.0.2.

Web developers are strongly encouraged to apply this update; the process will not take much time and will not require changes to the current configuration.

Apache Struts 2 is frequently targeted by attackers. It is a modern open-source Java framework for building ready-to-use web applications in an enterprise environment. Its predecessor, Apache Struts 1, is no longer supported.

In 2017, the breach of the Equifax website in the United States and the subsequent large-scale data leak were caused by a vulnerability in Apache Struts 2, together with the failure of those responsible to patch it promptly.
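The first thing a practitioner wants after reading the ranges above is a quick way to tell whether a deployment is inside them. The following is an added example, not code from this post, from the Apache project or from the advisory: it encodes the affected ranges and first fixed releases exactly as stated above and applies them to version strings and to jar file names. The Maven-style naming `struts2-core-<version>[-qualifier].jar` and the sample `WEB-INF/lib` listing are assumptions constructed for the example.

```python
import re
from typing import List, Optional, Tuple

# Affected ranges as stated in the advisory text quoted above (inclusive on both
# ends) and the first release of each branch that carries the fix.
AFFECTED_RANGES = (
    ((2, 0, 0), (2, 5, 32)),
    ((6, 0, 0), (6, 3, 0, 1)),
)
FIRST_FIXED = {2: "2.5.33", 6: "6.3.0.2"}

_VERSION_RE = re.compile(r"^(\d+(?:\.\d+)*)")
# Assumed Maven artifact naming: struts2-core-<version>[-qualifier].jar
_JAR_RE = re.compile(r"^struts2-core-(\d+(?:\.\d+)*)(?:-[A-Za-z0-9.]+)?\.jar$")


def parse_version(text: str) -> Tuple[int, ...]:
    """Turn '2.5.30' or '2.5.30-SNAPSHOT' into (2, 5, 30); reject anything else."""
    m = _VERSION_RE.match(text.strip())
    if not m:
        raise ValueError(f"not a version string: {text!r}")
    return tuple(int(p) for p in m.group(1).split("."))


def is_affected(version: str) -> bool:
    """True if the version lies inside one of the advisory's affected ranges.

    Tuples compare lexicographically, so 6.3.0 -> (6, 3, 0) sorts before
    (6, 3, 0, 1) and is correctly reported as affected, while 6.3.0.2 is not.
    """
    v = parse_version(version)
    return any(low <= v <= high for low, high in AFFECTED_RANGES)


def recommended_fix(version: str) -> Optional[str]:
    """First fixed release on the same branch, or None if already unaffected."""
    if not is_affected(version):
        return None
    return FIRST_FIXED[parse_version(version)[0]]


def scan_jar_names(names: List[str]) -> List[Tuple[str, str, bool, Optional[str]]]:
    """Pick struts2-core jars out of a list of file names and assess each one.

    Returns a list of (file name, version, affected, recommended fix).
    """
    findings = []
    for name in names:
        m = _JAR_RE.match(name)
        if not m:
            continue  # not a Struts core jar
        version = m.group(1)
        findings.append((name, version, is_affected(version), recommended_fix(version)))
    return findings


if __name__ == "__main__":
    # Constructed sample of a WEB-INF/lib listing, not taken from any real deployment.
    sample = [
        "commons-io-2.11.0.jar",
        "struts2-core-2.5.30.jar",
        "struts2-core-6.1.2.1.jar",
        "struts2-core-6.3.0.2.jar",
    ]
    for name, version, affected, fix in scan_jar_names(sample):
        status = f"AFFECTED, upgrade to {fix}" if affected else "not affected"
        print(f"{name}: {version} -> {status}")
```

The check works on names only: a shaded or renamed jar, or a version read from a manifest or `pom.xml`, has to be fed in as a plain version string through `is_affected`. A `-SNAPSHOT` or similar qualifier is treated as its base version, which errs on the side of reporting a build as affected.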