Open-source Web Application Framework Targeted
FortiGuard Labs has detected ongoing exploit attempts targeting a recently patched Apache Struts 2 vulnerability. Attackers can manipulate file upload parameters to enable path traversal, potentially leading to malicious file upload. This may result in remote code execution, allowing attackers to run arbitrary code, steal data, or compromise entire systems.
Common Vulnerabilities and Exposures
Background
The vulnerability, CVE-2024-53677, appears to be related to CVE-2023-50164, suggesting that an incomplete patch may have contributed to the newly discovered flaw. In December 2023, FortiGuard Labs warned about CVE-2023-50164 in a Threat Signal report: https://www.fortiguard.com/threat-signal-report/5356
According to the vendor advisory, the fix is not backward compatible: users must migrate to the new Action File Upload mechanism and its related interceptor, because continuing to use the old File Upload mechanism leaves the application vulnerable to this attack.
Apache Struts 2 is an open-source framework for building Java-based web applications and is used in many enterprises to create scalable and robust applications. Given its widespread use in enterprise applications, unpatched systems are high-value targets, increasing the risk of breaches and operational disruption.
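The summary above describes the vulnerability class (a client-controlled file upload name used to escape the upload directory) without showing what a correct check looks like. As an added, defender-side illustration that is not code from Apache Struts, from the new Action File Upload mechanism, or from FortiGuard, the block below canonicalizes a client-supplied upload name, rejects traversal attempts (including percent-encoded, double-encoded, backslash and NUL-byte variants), and reduces accepted names to a single allow-listed leaf component. All function names and the sample values are the editor's own constructions.

```python
import posixpath
import re
from urllib.parse import unquote

# ".." as a whole path component: at the start or after a separator and
# followed by a separator or the end of the string. "my..file.txt" is NOT
# a traversal component and must still be accepted.
_DOTDOT_COMPONENT = re.compile(r"(?:^|/)\.\.(?:/|$)")

# Conservative allow-list for the characters kept in a stored file name.
_UNSAFE_CHARS = re.compile(r"[^A-Za-z0-9._-]")


def canonicalize(filename: str) -> str:
    """Undo the encodings that can hide a traversal sequence from a naive check.

    Percent-decoding is applied twice so that both "%2e%2e%2f" and the
    double-encoded "%252e%252e%252f" collapse to "../"; backslashes are folded
    to "/" so Windows-style separators are treated the same as POSIX ones.
    """
    decoded = filename
    for _ in range(2):
        decoded = unquote(decoded)
    return decoded.replace("\\", "/")


def is_traversal_attempt(filename: str) -> bool:
    """True if the supplied upload name tries to escape the upload directory."""
    path = canonicalize(filename)
    if "\x00" in path:           # NUL byte: extension-truncation trick
        return True
    if path.startswith("/"):     # absolute path supplied as a "file name"
        return True
    return _DOTDOT_COMPONENT.search(path) is not None


def safe_upload_name(filename: str) -> str:
    """Reduce a client-supplied name to one allow-listed leaf component.

    Raises ValueError for traversal attempts or names with no usable leaf,
    so the caller stores nothing rather than something "almost right".
    """
    if is_traversal_attempt(filename):
        raise ValueError(f"path traversal attempt in upload name: {filename!r}")
    leaf = posixpath.basename(canonicalize(filename))
    leaf = _UNSAFE_CHARS.sub("_", leaf).lstrip(".")  # no hidden files either
    if not leaf:
        raise ValueError(f"no usable file name in upload name: {filename!r}")
    return leaf


def triage_upload_names(names):
    """Classify each candidate name as 'reject' or 'accept:<stored name>'."""
    verdicts = {}
    for name in names:
        try:
            verdicts[name] = "accept:" + safe_upload_name(name)
        except ValueError:
            verdicts[name] = "reject"
    return verdicts


# Constructed sample values (not captured traffic): benign names mixed with
# the kinds of traversal payloads a file-upload parameter check must reject.
SAMPLE_NAMES = [
    "report.pdf",
    "my..file.txt",
    "images/photo (1).png",
    "../../webapps/ROOT/x.jsp",
    "..%2F..%2Fx.jsp",
    "%252e%252e%252fx.jsp",
    "..\\..\\x.jsp",
    "/etc/passwd",
    "x.jsp\x00.png",
]

if __name__ == "__main__":
    for name, verdict in triage_upload_names(SAMPLE_NAMES).items():
        print(f"{name!r:35} -> {verdict}")
```

The important design point is that the traversal check runs on the canonical form, not on the raw bytes, and that an accepted name is rebuilt from its leaf component rather than "cleaned" in place; the directory part of the client's value is never trusted.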
Latest Development
Recent news and incidents related to this threat, encompassing events such as data breaches, cyber-attacks, security incidents, and newly discovered vulnerabilities.
Users are strongly advised to upgrade at least to Struts 6.4.0 (or the latest version) and to migrate to the new file upload mechanism.
- December 15, 2024: Internet Storm Center reported on exploit attempts that enumerate vulnerable systems. https://isc.sans.edu/diary/31520
- November 26, 2024: The Apache Software Foundation released a security bulletin for CVE-2024-53677. https://cwiki.apache.org/confluence/display/WW/S2-067
- December 19, 2023: FortiGuard Labs released a Threat Signal for CVE-2023-50164. https://www.fortiguard.com/threat-signal-report/5356
FortiGuard Cybersecurity Framework
Mitigate security threats and vulnerabilities by leveraging the range of FortiGuard Services.
- Vulnerability
- IPS
- Web App Security
- IOC
- Outbreak Detection
- Threat Hunting
- Automated Response
- Assisted Response Services
- NOC/SOC Training
- End-User Training
- Vulnerability Management
- Attack Surface Hardening
Threat Intelligence
Information gathered from analyzing ongoing cybersecurity events, including threat actors, their tactics, techniques, and procedures (TTPs), indicators of compromise (IOCs), malware, and related vulnerabilities.
References
Sources of information in support of and related to this outbreak and the vendor.