duo.com
13.227.219.31  Public Scan

URL: https://duo.com/decipher/apache-fixes-critical-struts-flaw
Submission: On December 22 via api from IN — Scanned from DE

Text Content

Dec 8, 2023


APACHE FIXES CRITICAL STRUTS FLAW

By Dennis Fisher

There is a critical vulnerability in several versions of the Apache Struts
framework that can allow an attacker to upload a malicious file and potentially
gain remote code execution.

The flaw (CVE-2023-50164) affects versions 2.5.0-2.5.32 and 6.0.0-6.3.0, and the
Apache Software Foundation has released updates to fix the bug. The issue is
related to the way that Struts handles file uploads in some circumstances.

“An attacker can manipulate file upload params to enable paths traversal and
under some circumstances this can lead to uploading a malicious file which can
be used to perform Remote Code Execution,” the advisory says.

Apache Struts is a popular application development framework that is used widely
in enterprises and other environments. Struts has been a popular target for
attackers in the past when publicly disclosed vulnerabilities have emerged.
Because Struts is so popular for Java app development, the target base is quite
large, and attackers have shown the ability to develop exploits for the
framework in the past.

Organizations running vulnerable versions of Struts should upgrade to version
2.5.33 or 6.3.0.2 to address the bug.

Copyright 2023 Duo Security