Patch Now: Exploit Activity Mounts for Dangerous Apache Struts 2 Bug


Concerns are high over a critical, recently disclosed remote code execution (RCE) vulnerability in Apache Struts 2 that attackers have been actively exploiting over the past few days. Apache Struts is a widely used open source framework for building Java applications. Developers can use it to build modular Web applications based on what is known as the Model-View-Controller (MVC) architecture. The Apache Software Foundation (ASF) disclosed the bug on Dec. 7 and gave it a near-maximum severity rating of 9.8 out of 10 on the CVSS scale. The vulnerability, tracked as CVE-2023-50164, has to do with how Struts handles parameters in file uploads and gives attackers a way to gain complete control of affected systems.
