TLDR:
- Threat actors are targeting Apache Struts 2 due to vulnerabilities that can be exploited for unauthorized access to web applications.
- Researchers at CYFIRMA Research have discovered that over 1.7 million Apache Struts 2 installations are open to Remote Code Execution (RCE) attacks.

Cybersecurity researchers have discovered that over 1.7 million Apache Struts 2 installations are open to Remote Code Execution (RCE) attacks. Apache Struts 2 is widely used in web development, making it an attractive target for attackers seeking widespread exploits and data breaches.

The RCE flaw, tracked as “CVE-2023-50164,” allows threat actors to execute arbitrary code and perform file upload attacks. The severity of the flaw is tied to a file upload weakness in the Apache Struts framework, posing serious security risks. The exploit relies on manipulating the case sensitivity of HTTP parameters to alter critical variables.

The Apache team has responded to the vulnerability by introducing the equalsIgnoreCase() method to counter case sensitivity manipulation. They have also addressed concerns related to the handling of oversized temporary files during uploads, introducing the commitment to “Always delete uploaded file” to ensure consistent removal of temporary files and mitigate the risk of persistent attacks.

It is recommended to apply Apache Struts 2 updates promptly and implement additional defense measures such as custom rules, file upload monitoring, and improved firewall settings to mitigate the risk of unauthorized access and code execution.
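
One way to express the "custom rules" and file upload monitoring recommended above is a check that flags any request whose parameter names differ only by letter case. The Python sketch below is an added example, not code from CYFIRMA or the Apache Struts project. The function names, URL, field names and sample request are constructed for illustration.

```python
# Added example: flag requests whose parameter names differ only by letter case.
from collections import defaultdict
from email import message_from_bytes
from urllib.parse import parse_qsl, urlsplit

def multipart_field_names(content_type: str, body: bytes) -> list[str]:
    """Return the form-field names of a multipart/form-data body, in order."""
    # Reuse the standard MIME parser by prepending the request's Content-Type.
    raw = b"Content-Type: " + content_type.encode() + b"\r\n\r\n" + body
    msg = message_from_bytes(raw)
    if not msg.is_multipart():
        return []
    names = []
    for part in msg.get_payload():
        name = part.get_param("name", header="content-disposition")
        if name is not None:
            names.append(name)
    return names

def case_collisions(names: list[str]) -> list[list[str]]:
    """Group names that are equal under case folding but spelled differently."""
    groups = defaultdict(set)
    for name in names:
        groups[name.casefold()].add(name)
    return sorted(sorted(g) for g in groups.values() if len(g) > 1)

def inspect_request(url: str, content_type: str, body: bytes) -> list[list[str]]:
    """Check query-string and multipart field names of one request together."""
    names = [k for k, _ in parse_qsl(urlsplit(url).query, keep_blank_values=True)]
    if content_type.lower().startswith("multipart/form-data"):
        names += multipart_field_names(content_type, body)
    return case_collisions(names)

# Constructed sample upload request; all field names are hypothetical.
BOUNDARY = "example-boundary"
SAMPLE_CT = f"multipart/form-data; boundary={BOUNDARY}"
SAMPLE_BODY = (
    f"--{BOUNDARY}\r\n"
    'Content-Disposition: form-data; name="report"; filename="a.txt"\r\n'
    "Content-Type: text/plain\r\n\r\nhello\r\n"
    f"--{BOUNDARY}\r\n"
    'Content-Disposition: form-data; name="Comment"\r\n\r\nfirst\r\n'
    f"--{BOUNDARY}\r\n"
    'Content-Disposition: form-data; name="comment"\r\n\r\nsecond\r\n'
    f"--{BOUNDARY}--\r\n"
).encode()

if __name__ == "__main__":
    print(inspect_request("/example?note=1", SAMPLE_CT, SAMPLE_BODY))
```

A non-empty result is a signal to log or block the request for review. It does not replace applying the Struts update.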