Hackers have begun exploiting a newly found vulnerability in Apache Struts2, a broadly used open-source framework for creating Java internet functions.
The vulnerability, assigned the identifier CVE-2024-53677, has a vital CVSS rating of 9.5, indicating its potential for extreme impression if left unaddressed.
Background on the Vulnerability
Apache Struts2 introduced the vulnerability final week, highlighting its path-traversal nature.
This flaw permits attackers to add information into directories that needs to be restricted, doubtlessly resulting in distant code execution.
If hackers efficiently add a webshell into the online root, they may acquire unauthorized management over the affected system.
The vulnerability appears to have ties to a earlier challenge, CVE-2023-50164, which was inadequately addressed, main to the current risk.
Regardless of Apache’s efforts, patching this vulnerability shouldn’t be easy. In keeping with Apache, customers should transition to a brand new Motion File Add mechanism and interceptor to mitigate the chance, because the outdated mechanism leaves techniques uncovered.
2024 MITRE ATT&CK Analysis Outcomes Launched for SMEs & MSPs -> Obtain Free Information
Exploit Makes an attempt
Proof-of-concept (PoC) exploits for CVE-2024-53677 have been launched publicly, with a number of makes an attempt now actively focusing on susceptible techniques.
These makes an attempt intently mimic the PoC exploit code, aiming to determine techniques inclined to assault.
One noticed exploit try entails using HTTP POST requests to add a crafted script file, “exploit.jsp,” which incorporates a easy script supposed to confirm the presence of Apache Struts.
If profitable, attackers can then search out the uploaded script utilizing HTTP GET requests to execute malicious actions remotely.
Exploit Code Instance:
POST /actionFileUpload HTTP/1.1
Host: [honeypot IP address]:8090
Consumer-Agent: python-requests/2.32.3
Settle for-Encoding: gzip, deflate, zstd
Settle for: */*
Connection: keep-alive
Content material-Size: 222
Content material-Kind: multipart/form-data; boundary=0abcfc26e3fa0afbd6db1ba369dfcc37
--0abcfc26e3fa0afbd6db1ba369dfcc37
Content material-Disposition: form-data; identify="file"; filename="exploit.jsp"
Content material-Kind: software/octet-stream
<% out.println("Apache Struts"); %>
--0abcfc26e3fa0afbd6db1ba369dfcc37--In keeping with the ISC studies, present exploit makes an attempt have been traced again to IP deal with 169.150.226.162, which has been actively scanning for susceptible techniques. The attacker initially focused easy URLs, seemingly probing for different add vulnerabilities.
Given the severity of this vulnerability, organizations utilizing Apache Struts2 should replace their techniques promptly.
Transitioning to the advisable Motion File Add mechanism is essential. Moreover, monitoring community visitors for uncommon or unauthorized actions can assist determine and mitigate potential threats.
Organizations ought to stay vigilant, because the panorama of cybersecurity threats continues to evolve. Speedy motion and steady safety evaluations are important to guard towards exploitation and make sure the integrity of internet functions.
Examine Actual-World Malicious Hyperlinks, Malware & Phishing Assaults With ANY.RUN – Strive for Free