ACSC Warns of Remote Code Execution Risk in Apache Struts2
Overview
The Australian Cyber Security Centre (ACSC) has alerted organizations about a severe vulnerability in the Apache Struts2 Framework. The vulnerability, CVE-2024-53677, poses a critical risk to organizations that use, develop, or support Java-based applications built on this widely adopted framework.
This vulnerability primarily affects versions of Apache Struts2 before 6.4.0 and can lead to severe security breaches, including remote code execution (RCE). Australian organizations using these versions must take immediate action to mitigate the risks posed by this flaw.
CVE-2024-53677 is a critical file upload vulnerability in the Apache Struts2 Framework. It allows attackers to exploit path traversal flaws and manipulate file upload parameters. The flaw is found in the deprecated File Upload Interceptor component.
Under certain circumstances, this can lead to the uploading of malicious files that could be executed remotely, potentially giving attackers full control over the affected system. The issue is particularly concerning for enterprise Java applications that rely on Apache Struts2.
Details of Apache Struts2 Framework Vulnerability (CVE-2024-53677)
According to the Apache advisory, the affected versions of Struts include Struts 2.0.0 through 2.3.37 (end-of-life versions), Struts 2.5.0 through 2.5.33, and Struts 6.0.0 through 6.3.0.2. The vulnerability has been classified as “critical,” with a CVSSv3 score of 9.8, reflecting its potential for exploitation.
This issue is not isolated; Apache Struts vulnerabilities have been popular targets for threat actors, with two major incidents occurring in 2017 and 2023. As such, CVE-2024-53677 must be taken seriously by organizations that continue to use older versions of Struts.
Organizations using Java applications that leverage the affected versions of Apache Struts2 are at high risk of exploitation. This includes various industries such as government, telecommunications, finance, and e-commerce, where the framework remains integral to business operations.
The critical nature of CVE-2024-53677 lies in its ability to facilitate remote code execution. Once an attacker successfully uploads a malicious file—often a web shell—through the vulnerable file upload mechanism, they can execute arbitrary commands, steal sensitive data, and further compromise the system.
Recommendations for securing your systems
Organizations are strongly advised to take the following steps to mitigate the risks associated with CVE-2024-53677:
- The most effective way to address the vulnerability is to upgrade to Apache Struts 6.4.0 or a later version. This version replaces the deprecated File Upload Interceptor with the more secure Action File Upload Interceptor, which significantly reduces the risk of exploitation. However, migrating to this new file upload mechanism requires modifications to the existing code, as the old File Upload Interceptor is no longer secure.
- If upgrading to Struts 6.4.0 is not immediately feasible, organizations should apply any available patches for affected versions of Struts. Additionally, continuous monitoring of systems for suspicious activity is crucial. Logs should be reviewed regularly for any indications of attempts to exploit the vulnerability.
- Organizations should audit their Java-based applications to determine whether they are using the affected versions of Apache Struts. They should also verify whether the vulnerable File Upload Interceptor component is being used. Applications that do not rely on this component are not affected by CVE-2024-53677.
- Given the critical nature of this vulnerability, organizations must stay updated on vendor advisories and any new patches or security releases. Apache’s security bulletins should be regularly checked to ensure that any new information or mitigation strategies are quickly applied.
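As an added audit helper, not code from the article, the ACSC or the Apache project: a Python check that combines the advisory's affected version ranges quoted above with a scan of struts.xml for an explicit reference to the deprecated fileUpload interceptor, which is the audit step recommended above. The pom.xml and struts.xml inputs are constructed samples, and the regexes assume the common Maven ordering of artifactId before version.

```python
import re
# Affected struts2-core ranges quoted in the article (inclusive bounds).
AFFECTED_RANGES = [
    ((2, 0, 0), (2, 3, 37)),
    ((2, 5, 0), (2, 5, 33)),
    ((6, 0, 0), (6, 3, 0, 2)),
]

def parse_version(text):
    """'6.3.0.2' -> (6, 3, 0, 2); qualifiers such as '-SNAPSHOT' are dropped."""
    return tuple(int(p) for p in re.findall(r"\d+", text))

def is_affected(version):
    """True when a struts2-core version falls inside one of the advisory ranges."""
    ver = parse_version(version)
    return any(lo <= ver <= hi for lo, hi in AFFECTED_RANGES)

def struts_core_version(pom_xml):
    """Pull the struts2-core <version> out of a Maven pom (None if absent)."""
    m = re.search(r"<artifactId>\s*struts2-core\s*</artifactId>\s*<version>\s*([^<\s]+)", pom_xml)
    return m.group(1) if m else None

def uses_file_upload_interceptor(struts_xml):
    """True if struts.xml explicitly references the deprecated fileUpload interceptor."""
    return "fileUpload" in re.findall(r'<interceptor-ref\s+name="([^"]+)"', struts_xml)

def audit(pom_xml, struts_xml):
    """Combine the two signals into the advisory's verdict."""
    version = struts_core_version(pom_xml)
    if version is None:
        return "no struts2-core dependency found"
    if not parse_version(version):  # e.g. <version>${struts.version}</version>
        return f"struts2-core version {version} is unresolved; resolve the property first"
    if not is_affected(version):
        return f"struts2-core {version}: not in an affected range"
    if uses_file_upload_interceptor(struts_xml):
        return f"struts2-core {version}: AFFECTED, fileUpload interceptor referenced"
    return f"struts2-core {version}: affected version, no explicit fileUpload reference (check inherited stacks)"

# Constructed sample inputs (not taken from any real project).
SAMPLE_POM = """<project><dependencies><dependency><groupId>org.apache.struts</groupId>
  <artifactId>struts2-core</artifactId><version>6.3.0.2</version>
</dependency></dependencies></project>"""
SAMPLE_STRUTS_XML = """<struts><package name="upload" extends="struts-default">
  <action name="upload" class="com.example.UploadAction">
    <interceptor-ref name="fileUpload"/><interceptor-ref name="basicStack"/>
  </action></package></struts>"""
if __name__ == "__main__":
    print(audit(SAMPLE_POM, SAMPLE_STRUTS_XML))
```

An affected version without an explicit fileUpload reference still needs a manual look, because in affected releases the interceptor can be applied through an inherited stack rather than a direct reference.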
Conclusion
CVE-2024-53677 presents a critical risk of remote code execution (RCE), allowing attackers to exploit file upload vulnerabilities and gain unauthorized control over systems. Organizations using Struts2 versions prior to 6.4.0 must upgrade immediately and migrate to the new Action File Upload Interceptor.
Prompt patching and monitoring are essential to prevent exploitation. To strengthen defenses, businesses can turn to Cyble’s AI-powered cybersecurity solutions like Cyble Vision, which offer advanced threat intelligence, dark web monitoring, and proactive risk detection. Discover how Cyble Vision can enhance your cybersecurity strategy by booking a free demo today.
The post ACSC Warns of Remote Code Execution Risk in Apache Struts2 appeared first on Cyble.