CVE-2024-53677: A Critical Vulnerability in Apache Struts Exposing Over 83,000 Targets

Khaleel Khan
Published in System Weakness


A critical vulnerability, CVE-2024-53677, has been identified in the widely used Apache Struts framework, putting thousands of systems worldwide at risk. The flaw is a path traversal in the framework's file upload mechanism: by manipulating the parameters of an upload request an attacker can control where the uploaded file is written and, under some conditions, place a file that the server will execute, giving remote code execution. With over 83,000 Struts-identified hosts indexed on Fofa at the time of writing, the exposed surface is substantial (an indexed host is not automatically vulnerable, but each one needs checking), and organizations running Apache Struts should act now.

CVE-2024-53677

Key Details

Vulnerability Description

The flaw sits in the file upload logic of Apache Struts (the legacy FileUploadInterceptor). By manipulating the parameters of a multipart upload request an attacker can achieve:

  • Path Traversal: control the path at which the uploaded file is written, so that it lands outside the intended upload directory, for example under a web-served path of the application.
  • Remote Code Execution (RCE): if the file lands somewhere the server will execute, such as a .jsp dropped into a deployed web application, the attacker's code runs with the application's privileges and the server is fully compromised.
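To make the vulnerability class concrete, here is an added illustration that is not Struts code and not from the original post: a generic upload handler that trusts the client-supplied filename, beside a hardened version that keeps only the basename, whitelists the extension and confirms the resolved path stays inside the upload directory. The directory layout, the filename `../webapps/ROOT/cmd.jsp` and the allowed-extension list are constructed assumptions; the way Struts itself exposes the upload parameters is not reproduced.

```python
"""Added illustration of the file-upload path traversal class behind
CVE-2024-53677. Generic Python, not Apache Struts code; the constructed
scenario puts an upload directory next to a web root."""
import os
import tempfile
from pathlib import Path

ALLOWED_EXTENSIONS = {".png", ".jpg", ".pdf"}  # assumed policy for the example


def save_upload_vulnerable(upload_dir: str, client_filename: str, data: bytes) -> str:
    """Trusts the client filename verbatim. A name containing '../' walks out
    of upload_dir, so the attacker chooses where the file lands."""
    dest = os.path.join(upload_dir, client_filename)
    os.makedirs(os.path.dirname(dest), exist_ok=True)
    with open(dest, "wb") as fh:
        fh.write(data)
    return os.path.realpath(dest)


def save_upload_hardened(upload_dir: str, client_filename: str, data: bytes) -> str:
    """Keeps only the basename, whitelists the extension, and confirms the
    resolved path is still inside upload_dir before writing."""
    base = Path(upload_dir).resolve()
    # Strip any directory component the client sent (both / and \ separators).
    name = os.path.basename(client_filename.replace("\\", "/"))
    if name in ("", ".", "..") or name.startswith("."):
        raise ValueError("rejected filename: %r" % client_filename)
    if Path(name).suffix.lower() not in ALLOWED_EXTENSIONS:
        raise ValueError("rejected extension: %r" % name)
    dest = (base / name).resolve()
    # Defence in depth: even after basename(), require dest to sit beneath base.
    if base not in dest.parents:
        raise ValueError("path escapes upload directory: %r" % client_filename)
    with open(dest, "wb") as fh:
        fh.write(data)
    return str(dest)


def demo() -> dict:
    """Constructed scenario: the client name tries to drop a JSP into the
    web root. Returns what each handler did with it."""
    root = tempfile.mkdtemp()
    upload_dir = os.path.join(root, "uploads")
    webroot = os.path.join(root, "webapps", "ROOT")
    os.makedirs(upload_dir)
    os.makedirs(webroot)
    evil_name = "../webapps/ROOT/cmd.jsp"            # constructed traversal name
    payload = b'<% out.println("owned"); %>'          # constructed file body

    written = save_upload_vulnerable(upload_dir, evil_name, payload)
    escaped = os.path.dirname(written) == os.path.realpath(webroot)

    try:
        save_upload_hardened(upload_dir, evil_name, payload)
        blocked = False
    except ValueError:
        blocked = True

    # A benign upload still goes through the hardened handler.
    ok_path = save_upload_hardened(upload_dir, "report.pdf", b"%PDF-1.4")
    return {
        "vulnerable_escaped": escaped,   # file landed in the web root
        "hardened_blocked": blocked,     # same name rejected
        "benign_ok": os.path.isfile(ok_path),
    }


if __name__ == "__main__":
    print(demo())
```

The hardened handler rejects the traversal name on its extension before the containment check is even reached; the containment check stays in because a later refactor that relaxes the extension policy or the basename step should still not be able to write outside the upload directory.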

Affected Versions

  • Apache Struts 2.0.0 to 2.5.33 (the 2.x line is end-of-life and receives no fix)
  • Apache Struts 6.0.0 to 6.3.0.2

Fixed Versions

  • Apache Struts 6.4.0 and later, provided the application is also migrated to the new file upload mechanism that 6.4.0 introduces; upgrading the jar alone leaves the legacy upload interceptor in place

The Apache Struts team has resolved the vulnerability in version 6.4.0 and introduced a…
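As an added triage helper (not part of the article or of the Struts project), the following classifies struts2-core jar versions against the affected and fixed ranges listed above and flags explicit references to the legacy `fileUpload` interceptor in a struts.xml. The jar listing and the configuration snippet are constructed sample input.

```python
"""Added triage helper for CVE-2024-53677: classify struts2-core jar versions
and look for explicit use of the legacy fileUpload interceptor. The sample
jar names and struts.xml fragment are constructed, not taken from a real
deployment."""
import re

# Affected ranges as listed in the article (inclusive).
AFFECTED_RANGES = (
    ((2, 0, 0), (2, 5, 33)),    # 2.x line, end-of-life
    ((6, 0, 0), (6, 3, 0, 2)),  # 6.x line before the fix
)
FIXED_FROM = (6, 4, 0)

# struts2-core-<version>[-qualifier].jar, e.g. struts2-core-6.3.0.2.jar
JAR_RE = re.compile(r"struts2-core-(\d+(?:\.\d+)+)(?:-[A-Za-z0-9.]+)?\.jar$")

# Explicit reference to the legacy interceptor that 6.4.0 replaces.
LEGACY_REF_RE = re.compile(r'<interceptor-ref\s+name="fileUpload"')


def parse_version(text):
    """'2.5.33' -> (2, 5, 33); '6.3.0.2' -> (6, 3, 0, 2). Tuple comparison
    orders these correctly, including the four-part 6.3.0.x releases."""
    return tuple(int(p) for p in text.split("."))


def classify(version):
    """Return 'affected', 'fixed' or 'out_of_range' for one version tuple."""
    for lo, hi in AFFECTED_RANGES:
        if lo <= version <= hi:
            return "affected"
    if version >= FIXED_FROM:
        return "fixed"
    return "out_of_range"   # e.g. Struts 1.x, a different code base


def triage_jars(jar_names):
    """Map each struts2-core jar in a WEB-INF/lib listing to its class;
    plugin jars and unrelated files are skipped."""
    result = {}
    for name in jar_names:
        m = JAR_RE.search(name)
        if m:
            result[name] = classify(parse_version(m.group(1)))
    return result


def uses_legacy_upload(struts_xml):
    """True if the configuration explicitly names the legacy fileUpload
    interceptor (a first pass only; see the note after the code)."""
    return bool(LEGACY_REF_RE.search(struts_xml))


SAMPLE_JARS = [  # constructed WEB-INF/lib listing
    "struts2-core-2.5.33.jar",
    "struts2-core-6.3.0.2.jar",
    "struts2-core-6.4.0.jar",
    "struts2-convention-plugin-6.3.0.2.jar",
]

SAMPLE_STRUTS_XML = """<!-- constructed fragment -->
<package name="upload" extends="struts-default">
  <action name="doUpload" class="com.example.UploadAction">
    <interceptor-ref name="fileUpload">
      <param name="maximumSize">10485760</param>
    </interceptor-ref>
    <interceptor-ref name="basicStack"/>
    <result>/done.jsp</result>
  </action>
</package>
"""

if __name__ == "__main__":
    for jar, verdict in triage_jars(SAMPLE_JARS).items():
        print(f"{jar}: {verdict}")
    print("legacy fileUpload referenced:", uses_legacy_upload(SAMPLE_STRUTS_XML))
```

The interceptor check is only a first pass: `fileUpload` is also part of Struts' `defaultStack`, so an action that inherits the default stack uses the legacy mechanism without ever naming it. A jar classified as `fixed` therefore still needs the application's upload actions reviewed against the struts-default.xml shipped with the deployed version.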


Written by Khaleel Khan

Cybersecurity researcher with 18 years' experience in state government and corporate sectors, and a bug hunting enthusiast.
