On December 7, 2023, Apache released a security advisory regarding CVE-2023-50164, a critical vulnerability in Apache Struts with CVSS score 9.8. Versions from 2.5.0 to 2.5.32 and 6.0.0 to 6.3.0 were affected.
Apache Struts is a popular, free, open-source framework that is used in the creation of modern Java web applications for numerous commercial and open-source projects. Vulnerabilities in Struts have been popular targets for threat actors, such as the Equifax breach in 2017. Given its widespread distribution, any vulnerability in Apache Struts can become a matter of significant concern across various sectors.
By exploiting this vulnerability, attackers can manipulate file upload parameters, allowing for path traversal. Consequently, a malicious file can be uploaded, opening the door to a remote code execution (RCE).
Several proofs of concepts (POCs) were published on December 11, 2023. The Imperva Threat Research team created additional dedicated mitigations for this vulnerability, in addition to the existing rules and signatures, which are effective.
Over the past few days, we observed thousands of exploitation attempts, all of which were successfully thwarted by Imperva Cloud WAF, Imperva RASP, and Imperva WAF Gateway (customer-managed WAF). Most of the attempts originate from IP addresses in the United States and France.
Most exploitation attempts were carried out by automated hacking tools written in the Go programming language. Web applications targeted in the exploitation were sourced from the United States, Australia, the Netherlands, and New Zealand.
During an exploitation attempt, an attacker will craft a special request to upload malicious web shells, commonly in the formats of.JSP or .WAR files, to locations unintended for user-uploaded content, and not originally accessible, using path traversal techniques.
Despite having protection measures, we strongly advise customers to stay vigilant and ensure their systems are promptly updated with the latest security patches. As always, Imperva Threat Research is monitoring the situation and will provide updates as new information emerges.
Try Imperva for Free
Protect your business for 30 days on Imperva.
