Hackers are exploiting a new Apache Struts2 vulnerability (CVE-2024-53677) with a critical CVSS score of 9.5, posing severe risks.
Apache Struts2 flaw
Apache Struts2 recently announced a vulnerability with path-traversal, allowing attackers to upload files into restricted directories, potentially enabling remote code execution. If a webshell is uploaded to the web root, hackers could gain control of the system.
This flaw appears related to CVE-2023-50164, which was poorly addressed, leading to the current threat. Patching the issue isn’t simple—users must switch to a new Action File Upload mechanism and interceptor, as the old one leaves systems vulnerable.
Public proof-of-concept (PoC) exploits for CVE-2024-53677 have been released, and attackers are actively targeting vulnerable systems. These attempts use PoC code to identify systems that are susceptible to the exploit.
One common attack method involves sending HTTP POST requests to upload a crafted script file, “exploit.jsp,” which contains a basic script to check for the presence of Apache Struts.
Exploit Code Example:
POST /actionFileUpload HTTP/1.1
Host: [honeypot IP address]:8090
User-Agent: python-requests/2.32.3
Accept-Encoding: gzip, deflate, zstd
Accept: */*
Connection: keep-alive
Content-Length: 222
Content-Type: multipart/form-data; boundary=0abcfc26e3fa0afbd6db1ba369dfcc37
--0abcfc26e3fa0afbd6db1ba369dfcc37
Content-Disposition: form-data; name="file"; filename="exploit.jsp"
Content-Type: application/octet-stream
<% out.println("Apache Struts"); %>
--0abcfc26e3fa0afbd6db1ba369dfcc37--
If the script is successfully uploaded and executed, attackers can then use HTTP GET requests to remotely execute further malicious actions on the compromised system. This exploit highlights the urgency of addressing the vulnerability to prevent unauthorized access.
ISC reports show that current exploit attempts trace back to IP address 169.150.226.162, actively scanning for vulnerable systems. The attacker initially targeted simple URLs, likely searching for other upload vulnerabilities.
Given the severity of the issue, organizations using Apache Struts2 must update systems promptly and transition to the recommended Action File Upload mechanism. Monitoring network traffic for unusual activities is also essential to identify and prevent potential threats.
Organizations must stay vigilant, as cybersecurity threats are constantly evolving. Immediate action and ongoing security reviews are vital to protect web applications.
Follow Us on: Twitter, Instagram, Facebook to get the latest security news!
Leave A Comment