Critical Security Flaw in Apache Struts Enables Remote Code Execution

A critical security vulnerability in the Apache Struts framework, tracked as CVE-2024-53677, poses a grave threat to systems that rely on this popular software. The flaw has been assigned a severity score of 9.5 out of 10 on the Common Vulnerability Scoring System (CVSS), indicating it is highly dangerous and can be exploited by threat actors to achieve remote code execution (RCE).

Exploitation Method and Consequences

The vulnerability allows attackers to exploit the framework through file upload parameters, enabling path traversal. In specific situations, this can result in the upload of a malicious file, ultimately allowing the adversary to execute arbitrary code remotely. Successful exploitation can grant the attacker the ability to execute commands, exfiltrate sensitive data, or download additional harmful payloads to extend their exploitation efforts.

Affected Versions and Resolution

Numerous versions of Apache Struts are affected by this vulnerability, including Struts 2.0.0 through 2.3.37, Struts 2.5.0 through 2.5.33, and Struts 6.0.0 through 6.3.0.2. These versions are either end-of-life or susceptible to the flaw. The issue has been resolved in Struts 6.4.0 and higher versions. Notably, a partial fix for another critical issue (CVE-2023-50164) discovered in December 2023 is suspected to have contributed to this new problem.
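
An added example (not from the article or the Apache Struts project): a Python check that classifies deployed Struts core JARs against the version ranges listed above. The `struts2-core-<version>.jar` file-name pattern and the sample paths are assumptions constructed for illustration.

```python
import re

# Inclusive affected ranges and the fixed release, as stated in the article.
AFFECTED_RANGES = [
    ((2, 0, 0), (2, 3, 37)),
    ((2, 5, 0), (2, 5, 33)),
    ((6, 0, 0), (6, 3, 0, 2)),
]
FIXED_IN = (6, 4, 0)

# Assumed naming convention for the core JAR inside WEB-INF/lib.
JAR_RE = re.compile(r"struts2-core-(\d+(?:\.\d+){1,3})\.jar$")

def pad(version, width=4):
    """Pad to four components so 6.3.0 and 6.3.0.2 compare correctly."""
    return tuple(version) + (0,) * (width - len(version))

def classify(version):
    """Return 'affected', 'fixed', or 'unlisted' for a version tuple."""
    v = pad(version)
    for low, high in AFFECTED_RANGES:
        if pad(low) <= v <= pad(high):
            return "affected"
    if v >= pad(FIXED_IN):
        return "fixed"
    # Outside every range the article names: needs manual review.
    return "unlisted"

def audit(paths):
    """Map each Struts core JAR path to (path, version string, status)."""
    findings = []
    for path in paths:
        match = JAR_RE.search(path)
        if match:
            version = tuple(int(p) for p in match.group(1).split("."))
            findings.append((path, match.group(1), classify(version)))
    return findings

# Constructed sample inventory (e.g. output of a file search for *.jar).
SAMPLE_PATHS = [
    "/opt/app1/WEB-INF/lib/struts2-core-2.3.37.jar",
    "/opt/app2/WEB-INF/lib/struts2-core-6.3.0.2.jar",
    "/opt/app3/WEB-INF/lib/struts2-core-6.4.0.jar",
    "/opt/app3/WEB-INF/lib/commons-io-2.11.0.jar",
]

if __name__ == "__main__":
    for path, version, status in audit(SAMPLE_PATHS):
        print(f"{status:9} {version:9} {path}")
```

A version reported as `unlisted` falls outside the ranges the article gives and should be checked against the vendor advisory rather than assumed safe.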

Current Exploits and Detection

Dr. Johannes Ullrich from the SANS Technology Institute has observed that current exploit attempts are trying to identify vulnerable systems by locating uploaded malicious scripts using a proof-of-concept (PoC). He noted that initial scans predominantly originate from a specific IP address, 169.150.226[.]162, indicating systematic attempts to exploit the flaw.

Mitigation Steps

Users are strongly urged to update their Apache Struts installations to the latest version promptly. Additionally, it is recommended to rewrite their code using the new Action File Upload mechanism and related interceptors to safeguard their systems against potential exploits. Saeed Abbasi from the Threat Research Unit at Qualys emphasizes the critical importance of Apache Struts in many corporate IT infrastructures, highlighting its role in public interfaces, internal applications, and essential business processes.

Implications and Importance

A significant security weakness has been discovered in the widely used Apache Struts framework, cataloged as CVE-2024-53677. This severe flaw, given a high-risk rating of 9.5 out of 10 on the Common Vulnerability Scoring System (CVSS), represents a major threat to systems that depend on this software. The vulnerability is incredibly perilous, giving malicious attackers the potential to achieve remote code execution (RCE).

The Apache Struts framework is often utilized in building web applications, making it an attractive target for cyber attackers. A vulnerability of this magnitude allows these threat actors to gain control of affected systems, possibly leading to data theft, system hijacks, or other malicious activities. Due to its high severity score, immediate action is recommended for users and administrators to update their Apache Struts installations to secure their systems promptly. Failure to address this issue in a timely manner could lead to significant security breaches, disruption of services, and extensive damage to organizations reliant on this software.
