Four in five Apache Struts 2 downloads are for versions featuring critical flaw

December 21, 2023 at 09:20AM Sonatype reports low adoption of fixed versions of Struts 2 despite a critical RCE vulnerability (CVE-2023-50164) in the framework’s file upload feature. The fix is simple: use updated Struts versions. With active exploitation and ease of automatable attacks, Sonatype urges immediate upgrades to mitigate potential risks and emphasizes vigilant maintenance …

Patch Now: Exploit Activity Mounts for Dangerous Apache Struts 2 Bug

December 15, 2023 at 04:21PM A critical remote code execution (RCE) vulnerability in Apache Struts 2 has raised significant concern due to active exploitation, affecting widely used Java applications and systems. The flaw poses a significant security risk to organizations worldwide. Recommendations include immediate software updates, as no mitigations are available. While complexities make widespread …

Recent Apache Struts 2 Vulnerability in Attacker Crosshairs

December 15, 2023 at 06:42AM Threat actors are exploiting a critical remote code execution flaw in internet-accessible Apache Struts 2 instances. Tracked as CVE-2023-50164, the bug allows attackers to manipulate file upload parameters and upload malicious files, resulting in RCE. Despite widespread exploitation attempts, scaling the attack is challenging. Users of affected Struts versions are …

Decoding CVE-2023-50164: Unveiling the Apache Struts File Upload Exploit

December 15, 2023 at 02:37AM The blog discusses CVE-2023-50164, a critical vulnerability in Apache Struts 2 that enables unauthorized path traversal and remote code execution. It advises users to upgrade to Struts 2.5.33, 6.3.0.2, or higher to mitigate the risk. The vulnerability is exploited by various threat actors and can be mitigated using security solutions …