Apache Struts enables malicious uploads
- December 13, 2024
- 0
A vulnerability in Apache Struts 2 allows criminals to upload malicious files to servers. A patch is available, but a workaround is not. Apache Struts 2 is vulnerable
A vulnerability in Apache Struts 2 allows criminals to upload malicious files to servers. A patch is available, but a workaround is not.
Apache Struts 2 is vulnerable to a flaw that allows attackers to upload files to a server and execute custom code. The vulnerability receives a CVSS score of 9.8. The error lies in the code that has to do with the upload functions of the software. Attackers can play with parameters to execute files on a server and take control.
Criticism without a workaround
The bug is called CVE-2023-50164 and is critical. There is no workaround that can fix the problem. Therefore, the only solution is to install the latest patch. Apache Struts 2.5.33 or 6.3.0.2 are no longer affected by the issue.
Apache Struts 2 is no longer the most modern framework, but is still very popular. A vulnerability in the solution can have far-reaching consequences. Anyone who uses Apache Struts 2 should not hesitate and give the patch absolute priority. In any case, the misery involved is less than the problems if a hacker inevitably exploits the flaw to gain access.
Source: IT Daily
As an experienced journalist and author, Mary has been reporting on the latest news and trends for over 5 years. With a passion for uncovering the stories behind the headlines, Mary has earned a reputation as a trusted voice in the world of journalism. Her writing style is insightful, engaging and thought-provoking, as she takes a deep dive into the most pressing issues of our time.
