Hackers are Actively Exploiting Apache Struts 2 Vulnerability

Hackers are taking advantage of a Critical Apache Struts Bug’s initial activity with limited IP addresses engaged in exploitation attempts.

Apache is an open-source framework for creating Java EE web applications called Apache Struts. It is used by numerous Fortune 100 businesses and international governments.

On December 7, the Apache Foundation, which manages the Struts library, asked developers to implement a patch to address a vulnerability that allowed a path traversal attack. 

This means that an attacker could gain access to directories on a web server that they shouldn’t have, and in certain situations, they could upload a malicious file for remote code execution.

The vulnerability, CVE-2023-50164, has a 9.8 out of 10 CVSS score.

The Australian Cyber Security Center and CERT-FR have recently detected a wave of exploitation attacks happening across the globe.

These attacks target vulnerable systems and exploit security loopholes to gain access to sensitive data and cause potential harm.

Apache Struts 2 Vulnerability

In some cases, this can result in uploading a malicious file that can be used to carry out Remote Code Execution. An attacker can change file upload parameters to enable pathway traversal.

Cyberthreat intelligence firm Akamai also recorded exploit attempts of this new flaw. “Attackers aim to deploy web shells, with some cases targeting the parameter ‘fileFileName’ – a deviation from the original exploit PoC,” Akamai said.

This cloud flaw results in modifying sensitive files, data theft, service disruption, or lateral movement within the network.

Several preconditions that depend on how the application is implemented and behaves utilizing Apache Struts are necessary to exploit CVE-2023-50164.

Notably, it is hard for the criminal to scan and exploit this vulnerability.

Affected versions/applications:

• Struts 2.3.37 (End Of Life)
• Struts 2.5.0 –> Struts 2.5.32
• Struts 6.0.0 –> Struts 6.3.0.1

Over the years, Struts – an open-source framework for developing web applications in Java – has been a common point of interest for hackers. Several high-profile data breaches, including the infamous 2017 Equifax breach, have exploited vulnerabilities in Struts to gain unauthorized access to sensitive information.

It is recommended that users apply the recently released patches for the framework in all applications that utilize the framework. These patches aim to improve the framework’s overall security and functionality.