Active Exploitation of Critical Vulnerability in Apache Struts 2
13 December 2023
Apache has released security updates to address a critical vulnerability (CVE-2023-50164) in Apache Struts 2. The vulnerability has a Common Vulnerability Scoring System (CVSS) score of 9.8 out of 10.
Successful exploitation of the vulnerability could allow a remote attacker to perform unauthorised path traversal and remote code execution by uploading malicious files through the file upload feature.
The vulnerability affects the following software versions:
Struts 2.0.0 - 2.3.37 (EOL)
Struts 2.5.0 - 2.5.32
Struts 6.0.0 - 6.3.0
Users and administrators of the affected products are advised to update to the latest product versions immediately.
More information is available here:
https://lists.apache.org/thread/yh09b3fkf6vz5d6jdgrlvmg60lfwtqhj
https://cwiki.apache.org/confluence/plugins/servlet/mobile?contentId=282102181#content/view/282102181
https://thehackernews.com/2023/12/new-critical-rce-vulnerability.html
https://nvd.nist.gov/vuln/detail/CVE-2023-50164