OVERVIEW

This week, attackers are actively attempting to exploit a recently patched path traversal vulnerability (CVE-2023-50164) in Apache Struts 2. Threat actors are using publicly available proof-of-concept (PoC) exploit code, specifically targeting the 'fileFileName' parameter.

CVE-2023-50164 enables path traversal through the manipulation of file upload parameters. In certain scenarios, this manipulation may allow attackers to upload malicious files, potentially leading to remote code execution. The Shadowserver Foundation's sensors have detected exploitation attempts; however, there are no confirmed successful compromises yet. The vulnerability impacts the following Apache Struts versions:

Apache Struts is a commonly used framework for building applications, especially in businesses and a variety of other settings. It has often been a focus for attackers when vulnerabilities are made public. Because it is widely used in Java application development, it has a sizable user base, which makes it susceptible to exploitation. A fix has been implemented in Apache Struts versions 2.5.33 and 6.3.0.2. Struts 2 developers and users are strongly advised to upgrade as soon as possible, as no workarounds are available.

 

 

AVERTIUM'S RECOMMENDATIONS

  • Avertium and Apache Struts highly recommend that all users upgrade to Struts 2.5.33, 6.3.0.2 or greater 
  • Apache notes that there are no issues expected when upgrading to Struts 2.5.33 or 6.3.0.2 
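
To find deployments that still need the upgrade, the following added example (not Avertium's or Apache's code) walks a directory tree, locates `struts2-core` JARs on disk or bundled one level deep inside WAR/EAR/JAR archives, and flags any version below the fixed releases named above. It assumes the standard Maven artifact naming `struts2-core-<version>.jar`; the scan root is whatever path you pass in.

```python
import os
import re
import sys
import zipfile

# Fixed releases named in this notice, keyed by major version line.
FIXED = {2: (2, 5, 33), 6: (6, 3, 0, 2)}
JAR_RE = re.compile(r"struts2-core-(\d+(?:\.\d+)+)[^/\\]*\.jar$", re.IGNORECASE)

def struts_version(name):
    """Extract the dotted version from a struts2-core JAR name, else None."""
    m = JAR_RE.search(name)
    return m.group(1) if m else None

def needs_upgrade(version):
    """True if a dotted version string is older than the fix for its line."""
    parts = tuple(int(p) for p in version.split("."))
    fixed = FIXED.get(parts[0])
    if fixed is None:
        # Assumption: only major lines older than the earliest fixed line are flagged.
        return parts[0] < min(FIXED)
    width = max(len(parts), len(fixed))  # pad so 6.3.0 compares as 6.3.0.0
    return parts + (0,) * (width - len(parts)) < fixed + (0,) * (width - len(fixed))

def scan(root):
    """Yield (location, version, needs_upgrade) for each struts2-core JAR found
    under root, on disk or inside an archive (nested archives are not opened)."""
    for dirpath, _dirs, files in os.walk(root):
        for fname in files:
            path = os.path.join(dirpath, fname)
            version = struts_version(fname)
            if version:
                yield path, version, needs_upgrade(version)
            elif fname.lower().endswith((".war", ".ear", ".jar")):
                try:
                    with zipfile.ZipFile(path) as zf:
                        members = zf.namelist()
                except (zipfile.BadZipFile, OSError):
                    continue  # unreadable or not a real archive; skip it
                for member in members:
                    version = struts_version(member)
                    if version:
                        yield f"{path}!{member}", version, needs_upgrade(version)

if __name__ == "__main__":
    root = sys.argv[1] if len(sys.argv) > 1 else "."  # scan root: an assumption
    for location, version, stale in scan(root):
        print(f"{'UPGRADE' if stale else 'ok':8} {version:10} {location}")
```

A JAR that has been renamed or shaded into another artifact will not match the file-name pattern, so treat a clean result as a starting point for the inventory rather than proof of absence.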

 

 

INDICATORS OF COMPROMISE (IoCs)

At this time, there are no known IoCs associated with CVE-2023-50164. Avertium remains vigilant in locating IoCs for our customers. Should any be located, Avertium will disclose them as soon as possible. For more information on how Avertium can help protect your organization, please reach out to your Avertium Service Delivery Manager or Account Executive.   

 

 

HOW AVERTIUM IS PROTECTING OUR CUSTOMERS

  • Fusion MXDR for Microsoft combines Avertium's Fusion MXDR approach with Microsoft Security Solutions, creating the first MDR offering that integrates all aspects of security operations into an active and threat-informed XDR solution. Leveraging Microsoft's comprehensive and cost-effective technology, Fusion MXDR for Microsoft delivers a release of cyber energy, encompassing implementation, optimization, ongoing management, and tuning. 

  • Avertium offers Vulnerability Management (VM) to provide a deeper understanding and control over organizational information security risks.  If your enterprise is facing challenges with the scope, resources, or skills required to implement a vulnerability management program with your team, outsourced solutions can help you bridge the gap.  



 

 

SUPPORTING DOCUMENTATION

Attackers are trying to exploit Apache Struts vulnerability (CVE-2023-50164) - Help Net Security 

CVE Record | CVE 

Apache Fixes Critical Struts Flaw | Decipher (duo.com) 

S2-066 - Apache Struts 2 Wiki - Apache Software Foundation 

https://github.com/jakabakos/CVE-2023-50164-Apache-Struts-RCE 

 
