18 matches found
Exploit for Files or Directories Accessible to External Parties in Apache Struts
CVE-2023-50164: A critical security vulnerability, identified...
Exploit for Files or Directories Accessible to External Parties in Apache Struts
Exploit CVE-2023-50164 para o Laboratório HackTheBox Descr...
Security Bulletin: Vulnerabilities in Apache Struts affect IBM Tivoli Application Dependency Discovery Manager.
Summary Vulnerabilities in Apache Struts affect IBM Tivoli Application Dependency Discovery Manager CVE-2023-41835, CVE-2023-50164 This bulletin identifies the steps to take to address the vulnerability. Vulnerability Details CVEID:CVE-2023-41835 DESCRIPTION: Apache Struts is vulnerable to a deni...
Security Bulletin: Struts Vulnerability - Order Management does contain the Struts code and it is vulnerable with lower risk [CVE-2023-50164]
Summary Order Management does contain the Struts code and it is vulnerable CVE-2023-50164, however the specific code related to the vulnerability is not in use, therefore the risk is lower. This bulletin identifies the steps to take to address the vulnerability. Vulnerability Details...
Exploit for Files or Directories Accessible to External Parties in Apache Struts
CVE-2023-50164 Apache Struts path traversal to RCE vulnerabil...
Adobe Experience Manager 6.0.0.0 < 6.5.19.1 Arbitrary code execution (APSB23-77)
The version of Adobe Experience Manager installed on the remote host is prior to 6.5.19.1. It is, therefore, affected by a vulnerability as referenced in the APSB23-77 advisory. - An attacker can manipulate file upload params to enable paths traversal and under some circumstances this can lead to...
Exploit for Files or Directories Accessible to External Parties in Apache Struts
CVE-2023-50164 : Apache Struts 2 vulnerable Docker container...
Exploit for Files or Directories Accessible to External Parties in Apache Struts
PoC exploit for CVE-2023-50164, a Path Traversal vulnerability i...
Exploit for Files or Directories Accessible to External Parties in Apache Struts
CVE-2023-50164 A scanning utility and PoC for CVE-2023-50164...
Critical Remote Code Execution Flaw Uncovered in Apache Struts 2
Summary: A significant vulnerability has been identified in the Apache Struts 2 open-source web application framework, labeled CVE-2023-50164. This flaw poses a severe risk of remote code execution and unauthorized path traversal. Threat Level - Red | Vulnerability Report For a detailed threat...
Decoding CVE-2023-50164: Unveiling the Apache Struts File Upload Exploit
In this blog entry, we discuss the technical details of CVE-2023-50164, a critical vulnerability that affects Apache Struts 2 and enables unauthorized path traversal...
Recently-patched Apache Struts vulnerability used in worldwide attacks
Attackers are exploiting a critical vulnerability in Apache Struts 2 that was patched recently. Struts is a very popular open source platform to develop applications and websites. On December 7, 2023, Apache announced versions 6.3.0.2 and 2.5.33 of Struts were now available to address a potential...
Observed Exploitation Attempts of Struts 2 S2-066 Vulnerability (CVE-2023-50164)
The Akamai Security Intelligence Group has seen numerous exploitation attempts on Apache Struts 2 since December 7, 2023, when a critical CVE was released...
The Apache Software Foundation Updates Struts 2
The Apache Software Foundation has released security updates to address a vulnerability CVE-2023-50164 in Struts 2. A remote attacker could exploit this vulnerability to take control of an affected system. Users and administrators are encouraged to review the Apache Security Bulletinlink is...
com.amazonaws.serverless:aws-serverless-java-container-struts (>=1.9 <=1.9.3), com.jgeppert.struts2.bootstrap:struts2-bootstrap-plugin (>=5.0.0 <=5.0.2) +52 more potentially affected by CVE-2023-50164 via org.apache.struts:struts2-core (>=6.0.0 <=6.3.0.1)
org.apache.struts:struts2-core MAVEN version =6.0.0, =1.9, =5.0.0, =5.0.0, =5.0.0, =5.0.0, =5.0.0, =5.0.0, =5.0.0, =5.0.0, =5.0.0, =5.0.0, =5.0.0, =1.4.0, =1.4.1, =1.4.0, =1.4.3 and more Source cves: CVE-2023-50164 Source advisory: OSV:GHSA-2J...
be.objectify:objectify-struts2-tags (=1.0), br.net.woodstock.rockframework:rockframework-struts2 (>=2.0.0 <=2.0.8) +324 more potentially affected by CVE-2023-50164 via org.apache.struts:struts2-core (>=2.0.11 <=2.5.32)
org.apache.struts:struts2-core MAVEN version =2.0.11, =2.0.0, =1.2.1, =1.5.3, =1.5.3, =1.2.2, =1.2.2, =1.2.2, =1.2.2, =1.2, =1.0, =1.0, =1.0, =1.0.4 and more Source cves: CVE-2023-50164 Source advisory: OSV:GHSA-2J39-QCJM-428W...
CVE-2023-50164
CVE-2023-50164 is an Apache Struts 2 directory traversal flaw in the file-upload parameter that can enable Remote Code Execution. Public details indicate exploitation attempts in the wild and advisories urging upgrading to Struts 2.5.33 or Struts 6.3.0.2 (or greater) to fix the issue. Affected co...
CVE-2023-50164
creationtimestamp| type| source ---|---|--- 2023-12-07 04:00:00+00:00| seen| https://www.govcert.gov.hk/en/alertsdetail.php?id=1177 2023-12-08 14:17:07+00:00| seen| https://t.me/ctinow/154174 2023-12-11 17:03:39+00:00| seen| https://t.me/ctinow/154465 2023-12-11 17:25:08+00:00| seen|...