Critical Apache Struts Vulnerability Requires Patching
What you need to know:
- Apache has disclosed a critical security flaw in the Struts 2 open-source web application framework that could result in remote code execution.
- Patches for the bug are available in versions 2.5.33 and 6.3.0.2 or greater and should be applied as soon as possible. There are no workarounds that remediate the issue.
- The information security team continues to investigate and respond to this vulnerability. If you detect Apache Struts in your system or software, contact Information Security.
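To help find Struts in a system, as the last point asks, here is an added example (not part of the original advisory and not Apache tooling): a Python script that walks a directory tree, looks for `struts2-core-<version>.jar` on disk and inside WAR/EAR/JAR archives, and compares each version with the fixed releases named above. It assumes the jar keeps its standard Maven file name, and that versions on the 6.x line need 6.3.0.2 or later while older lines need 2.5.33 or later.

```python
import io, os, re, sys, zipfile

# Fixed releases as stated in the advisory above.
FIXED_2X = (2, 5, 33)
FIXED_6X = (6, 3, 0, 2)
# Assumption: the jar keeps its standard Maven file name, struts2-core-<version>.jar.
CORE_JAR = re.compile(r"(?:^|[/\\])struts2-core-(\d+(?:\.\d+)*)[^/\\]*\.jar$")
ARCHIVES = (".war", ".ear", ".jar")

def is_patched(version):
    """Assumption: 6.x and later need 6.3.0.2+, older lines need 2.5.33+."""
    v = tuple(int(part) for part in version.split("."))
    return v >= FIXED_6X if v[0] >= 6 else v >= FIXED_2X

def scan_archive(source, label, findings):
    """Search a WAR/EAR/JAR (path or file object), recursing into nested archives."""
    try:
        with zipfile.ZipFile(source) as zf:
            for name in zf.namelist():
                hit = CORE_JAR.search(name)
                if hit:
                    findings.append((f"{label}!{name}", hit.group(1), is_patched(hit.group(1))))
                elif name.lower().endswith(ARCHIVES):
                    scan_archive(io.BytesIO(zf.read(name)), f"{label}!{name}", findings)
    except (zipfile.BadZipFile, OSError, RuntimeError):
        pass  # corrupt, unreadable or encrypted archive: skip it

def scan_tree(root):
    """Return (location, version, patched) for every struts2-core jar under root."""
    findings = []
    for dirpath, _dirs, files in os.walk(root):
        for filename in files:
            path = os.path.join(dirpath, filename)
            hit = CORE_JAR.search(path)
            if hit:
                findings.append((path, hit.group(1), is_patched(hit.group(1))))
            elif filename.lower().endswith(ARCHIVES):
                scan_archive(path, path, findings)
    return findings

if __name__ == "__main__":
    root = sys.argv[1] if len(sys.argv) > 1 else "."
    for location, version, patched in scan_tree(root):
        status = "patched" if patched else "NEEDS UPDATE"
        print(f"{status:13}struts2-core {version}  {location}")
```

A renamed or shaded jar will not be found by file name, so an empty result is not proof that Struts is absent; vendor-supplied software still needs confirmation from the vendor.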
Who is affected?
- Server and system administrators running Apache Struts 2.
- Service owners managing vendors whose technology includes Apache Struts.
Why it matters
- Attackers could remotely take control of a system or web application as well as the data housed within it.
Additional Resources
- https://www.bleepingcomputer.com/news/security/hackers-are-exploiting-critical-apache-struts-flaw-using-public-poc/
- https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-struts-C2kCMkmT
- https://nvd.nist.gov/vuln/detail/CVE-2023-50164
- Struts is a Java framework that uses the Model-View-Controller (MVC) architecture for building web applications.