Cybersecurity Threat Advisory: Apache Struts Framework Vulnerability
Posted on December 15, 2023 by Jason Franks
As part of our effort to inform our clients about potential and serious cybersecurity issues, MCP provides advisories about vulnerabilities and exploits that could threaten the operations of their critical communications networks. Sign up to receive these advisories in your inbox as soon as they are released.
This week, a new critical alert requires the mission-critical community’s immediate attention.
Advisory Overview
MCP is actively monitoring a critical remote code execution (RCE) vulnerability in the Apache Struts framework, an open-source framework for building enterprise Java web applications. The vulnerability is catalogued in the National Vulnerability Database, maintained by the National Institute of Standards and Technology (NIST) Information Technology Laboratory, under the Common Vulnerabilities and Exposures (CVE) identifier CVE-2023-50164.
The vulnerability should be patched immediately: proof-of-concept exploit code is public, and exploitation attempts have been observed in the wild. Sensors operated by the Shadowserver Foundation, which collects and analyses data on malicious internet activity, have recorded attempts to exploit this vulnerability. The fix is contained in the Struts releases listed in the Apache Struts security bulletin for this CVE (S2-066).
Threat Indicators
The flaw is in Struts' file-upload handling: the upload parameters that carry the filename can be manipulated by the client and are not adequately sanitised, so path-traversal sequences such as ../ can direct the uploaded file outside the intended upload directory. Where the attacker can place a file somewhere the server will execute it, for example a JSP in a web-served directory, the upload becomes RCE, with data theft, service disruption or lateral movement within the network as the follow-on risks. Affected releases are Struts 2.x before 2.5.33 and Struts 6.x before 6.3.0.2. The attack surface is the application's file-upload functionality, so the first check is which Struts actions accept uploads and where they write.
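To make the vulnerability class concrete, the following Python is an added example written for this advisory; it is not Struts code and does not reproduce the CVE-2023-50164 exploit. It contrasts a naive upload handler that trusts the client-supplied filename with a hardened one that keeps only the final path component, applies an extension allowlist, and confirms the resolved path stays under the upload root. The upload root, the allowlist and the sample filenames are all assumed or constructed for the illustration.

```python
import posixpath

# Assumed values for this illustration (not from the advisory or from Struts):
# where uploads are meant to land, and which extensions the application accepts.
UPLOAD_ROOT = "/srv/app/uploads"
ALLOWED_EXTENSIONS = {"pdf", "png", "jpg", "txt"}


def vulnerable_destination(upload_root: str, client_filename: str) -> str:
    """Naive handler: builds the target path straight from the client's name.

    '../' segments survive the join, so the write can land anywhere the
    application's OS user may write, including directories the servlet
    container serves and executes.
    """
    return posixpath.normpath(posixpath.join(upload_root, client_filename))


def escapes_root(upload_root: str, destination: str) -> bool:
    """True when the normalised destination lies outside upload_root."""
    root = posixpath.normpath(upload_root)
    dest = posixpath.normpath(destination)
    return posixpath.commonpath([root, dest]) != root


def safe_destination(upload_root: str, client_filename: str) -> str:
    """Hardened handler: the client may choose a name, never a directory."""
    # Treat backslashes as separators as well, so a name crafted for a
    # Windows host cannot slip past a POSIX-only basename().
    name = posixpath.basename(client_filename.replace("\\", "/"))
    if name in ("", ".", "..") or "\x00" in name:
        raise ValueError(f"rejected filename: {client_filename!r}")
    ext = name.rsplit(".", 1)[-1].lower() if "." in name else ""
    if ext not in ALLOWED_EXTENSIONS:
        raise ValueError(f"rejected extension: {client_filename!r}")
    dest = posixpath.normpath(posixpath.join(upload_root, name))
    # Containment check kept as a second line of defence even after basename().
    if dest == posixpath.normpath(upload_root) or escapes_root(upload_root, dest):
        raise ValueError(f"path escapes upload root: {client_filename!r}")
    return dest


def triage(upload_root: str, client_filenames) -> dict:
    """Map each filename to 'accepted' or 'rejected' under the hardened handler."""
    results = {}
    for fn in client_filenames:
        try:
            safe_destination(upload_root, fn)
            results[fn] = "accepted"
        except ValueError:
            results[fn] = "rejected"
    return results


# Constructed sample filenames, not captured traffic.
SAMPLE_FILENAMES = [
    "report.pdf",
    "../../webapps/ROOT/cmd.jsp",
    "..\\..\\webapps\\ROOT\\cmd.jsp",
    "notes.txt\x00.jsp",
]

if __name__ == "__main__":
    for fn in SAMPLE_FILENAMES:
        naive = vulnerable_destination(UPLOAD_ROOT, fn)
        print(f"{fn!r}")
        print(f"  naive handler writes to {naive!r} "
              f"(escapes root: {escapes_root(UPLOAD_ROOT, naive)})")
        print(f"  hardened handler: {triage(UPLOAD_ROOT, [fn])[fn]}")
```

The containment check on its own is not enough: a name such as cmd.jsp passes it and still lands a server-side script inside the upload directory, which is why the allowlist is applied first and why the upload directory itself should never be one the container executes from.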
Why Is it Noteworthy?
This vulnerability is significant due to Apache Struts' widespread usage, including within some Cisco networking devices. Cisco is actively investigating the impact on its products.
What Are the Recommendations?
MCP recommends the following actions to limit the impact of potential cyberattacks:
- Follow the steps outlined in Apache's security bulletin for this CVE.
- Update to Apache Struts 2.5.33 or 6.3.0.2, or a later release on the same line; note that every 6.x release before 6.3.0.2 is affected even though it is numerically newer than 2.5.33.
- Ensure that systems running Apache Struts are not reachable from the internet unless that exposure is necessary, and then only once they are patched and their upload functionality is restricted.
- Monitor the Cisco advisory to learn which Cisco products are affected.
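Deciding whether a deployment is on a fixed release is easy to get wrong if the two release lines are collapsed into one comparison. The Python below is an added example for this advisory, not an Apache tool: it takes a list of jar paths (in practice the output of `find / -name 'struts2-core-*.jar'`), reads the version from the struts2-core jar name, and compares it only against the fix for its own line. The sample inventory is constructed.

```python
import re
from typing import List, Optional, Tuple

# Fixed releases per line, as stated in the advisory: 2.5.33 on the 2.x line,
# 6.3.0.2 on the 6.x line. Keyed by major version so each line is compared
# only against its own fix.
FIXED_BY_LINE = {2: (2, 5, 33), 6: (6, 3, 0, 2)}

# struts2-core is the artifact that carries the framework's upload handling;
# the version is read from the jar file name.
JAR_RE = re.compile(r"struts2-core-(\d+(?:\.\d+)+)\.jar$")


def parse_version(text: str) -> Tuple[int, ...]:
    """'6.3.0.1' -> (6, 3, 0, 1); tuples compare component-wise."""
    return tuple(int(part) for part in text.split("."))


def is_vulnerable(version: str) -> Optional[bool]:
    """True if below the fixed release on its own line, False if at or above it,
    None if the major version is not one the advisory covers."""
    v = parse_version(version)
    fixed = FIXED_BY_LINE.get(v[0])
    if fixed is None:
        return None
    # A shorter tuple with an equal prefix sorts lower, so 6.3.0 < 6.3.0.2.
    return v < fixed


def scan(jar_paths: List[str]) -> List[Tuple[str, str, Optional[bool]]]:
    """Return (path, version, vulnerable?) for every struts2-core jar in the list.

    Plugin jars (struts2-*-plugin) are skipped: their version tracks the core
    release, but it is the core artifact that carries the fix.
    """
    findings = []
    for path in jar_paths:
        match = JAR_RE.search(path)
        if match:
            version = match.group(1)
            findings.append((path, version, is_vulnerable(version)))
    return findings


# Constructed inventory; in practice feed it the output of
#   find / -name 'struts2-core-*.jar' 2>/dev/null
SAMPLE_INVENTORY = [
    "/opt/tomcat/webapps/portal/WEB-INF/lib/struts2-core-2.5.32.jar",
    "/opt/tomcat/webapps/intranet/WEB-INF/lib/struts2-core-6.3.0.1.jar",
    "/opt/tomcat/webapps/intranet/WEB-INF/lib/struts2-convention-plugin-6.3.0.1.jar",
    "/opt/legacy/lib/struts2-core-6.0.0.jar",
    "/opt/new/lib/struts2-core-6.3.0.2.jar",
]

if __name__ == "__main__":
    for path, version, vuln in scan(SAMPLE_INVENTORY):
        status = {True: "VULNERABLE", False: "fixed", None: "unknown line"}[vuln]
        print(f"{status:13} {version:8} {path}")
```

The jar name is a heuristic only: a shaded or renamed artifact hides the version, so confirm against META-INF/MANIFEST.MF inside the jar or the build's dependency tree before closing a finding. Anything on the 2.x line below 2.5.33 is flagged, including long-unsupported 2.3.x installs, for which the only remediation is an upgrade.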
Topics: Cybersecurity