APACHE STRUTS 2 Critical Vulnerability – CVE-2023-50164

Risk Rating: CRITICAL

CVSS Score: 9.8

Vulnerability Type: Remote Code Execution (RCE)

CVE Identifier: CVE-2023-50164

Exploitation Status: Actively exploited.

Affected Versions: Struts 2.0.0-2.3.37 (EOL), 6.0.0-6.3.0.1, 2.0.0-2.5.32.

Link: Apache.org

Introduction

CVE-2023-50164 is a recently disclosed critical flaw in Apache Struts that could allow an attacker to execute code remotely by manipulating the framework's file upload parameters. It is being actively exploited, so it poses an imminent threat that demands prompt action. Every service that relies on Apache Struts is at risk, and upgrading to version 6.3.0.2 or 2.5.33 is urgent. Because a proof of concept is readily available on GitHub, web applications built on Struts should be assessed thoroughly to confirm they are not exposed. The issue affects organizations across many sectors, and vendors of affected products need tailored advisories for their customers. Act promptly to secure your systems.

Recommended Actions

  • Immediate upgrade to Struts 6.3.0.2 or 2.5.33
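As an added illustration (not part of this advisory or of the Struts project), the following Python check walks a WEB-INF/lib tree for struts2-core jars and flags any whose version falls inside the affected ranges, using the ranges and fix versions exactly as stated above. The jar filenames and directory it scans are constructed samples.

```python
"""Flag Apache Struts 2 core jars whose version falls in this advisory's affected ranges."""
import re
import tempfile
from pathlib import Path
from typing import Iterator, Optional, Tuple

Version = Tuple[int, ...]

# Inclusive affected ranges as stated in the advisory; the 2.x range covers both
# the EOL 2.0.0-2.3.37 line and 2.3.38-2.5.32. Python compares tuples
# lexicographically, so (6, 3, 0) < (6, 3, 0, 1) < (6, 3, 0, 2) as intended.
AFFECTED_RANGES = (((2, 0, 0), (2, 5, 32)), ((6, 0, 0), (6, 3, 0, 1)))
FIXED_VERSIONS = ("2.5.33", "6.3.0.2")  # upgrade targets the advisory recommends

JAR_RE = re.compile(r"^struts2-core-(\d+(?:\.\d+)+)\.jar$")

def parse_version(text: str) -> Version:
    """'6.3.0.1' -> (6, 3, 0, 1). Raises ValueError on non-numeric segments."""
    return tuple(int(part) for part in text.strip().split("."))

def is_affected(version: str) -> bool:
    """True if the version lies inside one of the advisory's affected ranges."""
    v = parse_version(version)
    return any(lo <= v <= hi for lo, hi in AFFECTED_RANGES)

def jar_version(filename: str) -> Optional[str]:
    """Extract the version from a struts2-core jar name, or None if it is not one."""
    match = JAR_RE.match(filename)
    return match.group(1) if match else None

def scan_jars(root: Path) -> Iterator[Tuple[Path, str, bool]]:
    """Walk root (e.g. a WEB-INF/lib tree) and yield (path, version, affected)."""
    for path in sorted(root.rglob("struts2-core-*.jar")):
        version = jar_version(path.name)
        if version is not None:
            yield path, version, is_affected(version)

if __name__ == "__main__":
    # Constructed sample: empty files named like real struts2-core jars, one per
    # version of interest, so the scan runs offline without a real deployment.
    with tempfile.TemporaryDirectory() as tmp:
        lib = Path(tmp) / "WEB-INF" / "lib"
        lib.mkdir(parents=True)
        for ver in ("2.3.37", "2.5.32", "6.3.0", "2.5.33", "6.3.0.2"):
            (lib / f"struts2-core-{ver}.jar").touch()
        for path, version, affected in scan_jars(lib):
            status = "AFFECTED - upgrade to " + " or ".join(FIXED_VERSIONS) if affected else "ok"
            print(f"{path.name}: {status}")
```

The filename check is a heuristic: a renamed or shaded jar will not match, so confirm the version from the jar's manifest or the build's dependency list where the name is ambiguous.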
Risk Crew