Published on: 07 December 2023
Last update on: 14 December 2023
The Apache Software Foundation has released security bulletins to address a vulnerability in Apache Struts. A remote attacker could exploit the vulnerability by sending a specially crafted request to the affected systems.
Reports indicate that the technical details and proof-of-concept (PoC) code of the remote code execution vulnerability (CVE-2023-50164) in Apache Struts have been publicly disclosed. System administrators are advised to take immediate action to patch their affected systems to mitigate the elevated risk of cyber attacks.
Successful exploitation of the vulnerability could lead to remote code execution on an affected system.
Administrators of the affected systems should upgrade Apache Struts to the current versions 2.5.33 or 6.3.0.2 to address the issue. The updates are available at:
https://struts.apache.org/download.cgi
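
To find deployments that still need the upgrade, the following added example (not part of the original bulletin or of Apache's tooling) scans a directory tree for `struts2-core` jars, including those packed inside WAR/EAR files, and compares their versions with the fixed releases named above. It assumes the version can be read from the jar file name and that any version below the fixed release of its line needs upgrading; the function names are illustrative.

```python
import re
import sys
import zipfile
from pathlib import Path

# Fixed releases named in the advisory, keyed by major release line.
FIXED = {2: (2, 5, 33), 6: (6, 3, 0, 2)}
# struts2-core is the Struts core library's jar name; version taken from the file name.
JAR_RE = re.compile(r"(?:^|[\\/])struts2-core-(\d+(?:\.\d+)*)\.jar$")


def classify(version):
    """Return 'upgrade', 'ok', or 'review' for a dotted version string."""
    v = tuple(int(part) for part in version.split("."))
    fixed = FIXED.get(v[0])
    if fixed is None:
        return "review"  # release line the advisory does not name
    width = max(len(v), len(fixed))
    pad = lambda t: t + (0,) * (width - len(t))  # so 6.3.0 compares as 6.3.0.0
    # Assumption: anything below the fixed release of its line needs the upgrade.
    return "upgrade" if pad(v) < pad(fixed) else "ok"


def scan(root):
    """Yield (location, version, status) for struts2-core jars under root.

    Looks at loose jars and one level inside .war/.ear archives.
    """
    for path in sorted(Path(root).rglob("*")):
        if not path.is_file():
            continue
        candidates = [str(path)]
        if path.suffix.lower() in (".war", ".ear") and zipfile.is_zipfile(path):
            with zipfile.ZipFile(path) as archive:
                candidates = [f"{path}!/{entry}" for entry in archive.namelist()]
        for location in candidates:
            match = JAR_RE.search(location)
            if match:
                yield location, match.group(1), classify(match.group(1))


if __name__ == "__main__":
    root = sys.argv[1] if len(sys.argv) > 1 else "."
    findings = list(scan(root))
    for location, version, status in findings:
        print(f"{status:8} {version:10} {location}")
    # Non-zero exit if anything still needs the upgrade, for use in scheduled checks.
    sys.exit(1 if any(s == "upgrade" for _, _, s in findings) else 0)
```

A jar that has been renamed or bundled into a shaded archive will not match by file name, so a clean result should be confirmed against the application's dependency manifest.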