📢⚠️ Years-old vulnerable Apache Struts 2 versions were downloaded 387K+ times in one week, despite a high-severity CVE-2025-68493 flaw - Patch to 6.1.1 now!

Read: https://hackread.com/years-old-vulnerable-apache-struts-2-downloads/

#Cybersecurity #ApacheStruts #Vulnerability #InfoSec #DevSecOps

Years-Old Vulnerable Apache Struts 2 Versions See 387K Weekly Downloads

Security researchers reveal #activeexploitation against a critical #ApacheStruts 2 vulnerability

The vulnerability is tracked as CVE-2024-53677, and when exploited, can allow an attacker to remotely execute code

Administrators are advised to patch ASAP

#cybersecurity

https://www.bleepingcomputer.com/news/security/new-critical-apache-struts-flaw-exploited-to-find-vulnerable-servers/

New critical Apache Struts flaw exploited to find vulnerable servers

A recently patched critical Apache Struts 2 vulnerability tracked as CVE-2024-53677 is actively exploited using public proof-of-concept exploits to find vulnerable devices.

BleepingComputer
Patch now! Attackers are exploiting a critical security vulnerability in Apache Struts | heise online
https://heise.de/-10212840 #ApacheStruts #Sicherheitslücke #Uploadfunktion #Sicherheitsupdate

The upload function of Apache Struts is flawed, and attackers can upload malicious code. Security researchers warn of attacks.

heise online
What’s New in Apache Struts 7 | SoftwareMill

With the release of Apache Struts 7.0.0, the framework takes a significant leap forward, introducing a host of new features and improvements.

SoftwareMill
Apache Struts Arbitrary File Upload Vulnerability S2-067 (CVE-2024-53677) - NSFOCUS, Inc., a global network and cyber security leader, protects enterprises and carriers from advanced cyber attacks.

Overview Recently, NSFOCUS CERT monitored that Apache released a security bulletin, fixing the Apache Struts arbitrary file upload vulnerability S2-067 (CVE-2024-53677). Due to a logical defect in the file upload function, an unauthenticated attacker can perform path traversal by controlling the file upload parameters, thereby uploading malicious files to achieve remote code execution. The CVSS […]

NSFOCUS, Inc., a global network and cyber security leader, protects enterprises and carriers from advanced cyber attacks.

👉 Discover the latest on Apache Struts, facing a critical vulnerability with the potential for remote code execution.

Dive into our coverage for detailed insights on this security concern: https://bit.ly/3NEOuJ7

#apachestruts #apache #zeroday #vulnerability #webapplications #https #vulnerabilityscanning #waap #DAST #virtualpatching #appsec #apptrana #indusface

Apache Struts 2 Vulnerability CVE-2023-50164 | Indusface Blog

The latest vulnerability CVE-2023-50164 disclosed on Apache Struts affects the Struts 2 framework's file upload logic, allowing unauthorized path traversal.

Indusface

Hackers are exploiting a recently patched vulnerability in Apache Struts. The vulnerability is tracked as CVE-2023-50164, and when exploited, can lead to remote code execution. The vulnerability affects Struts versions 2.0.0 to 2.3.37, 2.5.0 to 2.5.32, and 6.0.0 to 6.3.0. Administrators are advised to patch ASAP, and look for signs of breach on unpatched installations.

#cybersecurity #activeexploitation #apache #apachestruts

https://www.bleepingcomputer.com/news/security/hackers-are-exploiting-critical-apache-struts-flaw-using-public-poc/

Hackers are exploiting critical Apache Struts flaw using public PoC

Hackers are attempting to leverage a recently fixed critical vulnerability (CVE-2023-50164) in Apache Struts that leads to remote code execution, in attacks that rely on publicly available proof-of-concept exploit code.

BleepingComputer

"⚠️ Critical Apache Struts Vulnerability Alert! CVE-2023-50164 🚨"

Hackers are exploiting a critical vulnerability in Apache Struts (CVE-2023-50164), a popular Java EE web app framework used widely in various industries. This flaw allows unauthorized remote code execution, posing a severe threat to organizations using Struts versions 2.0.0 through 2.5.32 and 6.0.0 through 6.3.0.1. Attackers can manipulate file upload parameters for path traversal, leading to malicious file uploads and potentially gaining control over the server. An immediate upgrade to Struts 2.5.33 or 6.3.0.2 is vital to mitigate this risk.

Source: BleepingComputer, [trganda.github.io](https://trganda.github.io/notes/security/vulnerabilities/apache-struts/Apache-Struts-Remote-Code-Execution-Vulnerability-(-S2-066-CVE-2023-50164)), Qualys ThreatPROTECT

Author Credits: Bill Toulas (BleepingComputer), Diksha Ojha (Qualys ThreatPROTECT)

Tags: #CyberSecurity #ApacheStruts #Vulnerability #CVE2023-50164 #RemoteCodeExecution #InfoSec

Apache Tiles greatly simplifies web component reuse in your application, especially when paired with Struts support, boosting your confidence in future Struts and Tiles integration...

#apachestruts #apachetiles #java

https://softwaremill.com/how-apache-struts-supports-apache-tiles/

How Apache Struts supports Apache Tiles | SoftwareMill

SoftwareMill
Because of the risk of possible malicious-code attacks, admins should bring their Apache Struts systems up to date.
Security patch for Apache Struts incomplete: new update is meant to fix it
heise online