Lucene search
+L

19 matches found

IBM Security Bulletins
IBM Security Bulletins
•added 2025/06/19 5:35 a.m.•17 views

Security Bulletin: IBM Guardium Data Protection is affected by multiple vulnerabilities (CVE-2024-53677, CVE-2025-23184)

Summary IBM Guardium Data Protection has addressed these vulnerabilities in an update. Vulnerability Details CVEID:CVE-2024-53677 DESCRIPTION: File upload logic in Apache Struts is flawed. An attacker can manipulate file upload params to enable paths traversal and under some circumstances this ca...

9.8CVSS8.2AI score0.78198EPSS
Exploits15Affected Software1
GithubExploit
GithubExploit
•added 2025/06/03 12:55 p.m.•260 views

Exploit for Unrestricted Upload of File with Dangerous Type in Apache Struts

CVE-2024-53677: Apache Struts path traversal to RCE vulnerabil...

9.8CVSS9.9AI score0.78198EPSS
Exploits15
SUSE CVE
SUSE CVE
•added 2025/02/14 4:3 a.m.•9 views

SUSE CVE-2024-53677

File upload logic in Apache Struts is flawed. An attacker can manipulate file upload params to enable paths traversal and under some circumstances this can lead to uploading a malicious file which can be used to perform Remote Code Execution. This issue affects Apache Struts: from 2.0.0 before...

9.8CVSS9.7AI score0.78198EPSS
Exploits15References3
GithubExploit
GithubExploit
•added 2025/01/10 5:47 p.m.•280 views

Exploit for Unrestricted Upload of File with Dangerous Type in Apache Struts

CVE-2024-53677 - Apache Struts 2 Remote Code Execution Vulnerabi...

9.8CVSS9.8AI score0.78198EPSS
Exploits15
Atlassian
Atlassian
•added 2024/12/20 8:46 a.m.•72 views

Upgrade Struts to avoid false-positive scanner warnings about CVE-2024-53677

h3. Issue Summary Recent CVE-2024-53677 at Struts triggers vulnerability scanners warning. panel:title=Bamboo is not affected Supported versions of Bamboo 9.2+, 9.6+, 10.2+ are not affected because FileUploadInterceptor doesn't handle uploaded files. panel h3. Steps to Reproduce See WEB-INB/lib...

9.8CVSS6.6AI score0.78198EPSS
Exploits15
GithubExploit
GithubExploit
•added 2024/12/18 6:42 p.m.•477 views

Exploit for Unrestricted Upload of File with Dangerous Type in Apache Struts

Disclaimer Do not use the related technologies described in...

9.8CVSS7.4AI score0.78198EPSS
Exploits15
The Hacker News
The Hacker News
•added 2024/12/18 1:36 p.m.•18 views

Patch Alert: Critical Apache Struts Flaw Found, Exploitation Attempts Detected

Threat actors are attempting to exploit a recently disclosed security flaw impacting Apache Struts that could pave the way for remote code execution. The issue, tracked as CVE-2024-53677, carries a CVSS score of 9.5 out of 10.0, indicating critical severity. The vulnerability shares similarities...

9.5CVSS10AI score0.80819EPSS
Exploits29
GithubExploit
GithubExploit
•added 2024/12/18 2:3 a.m.•405 views

Exploit for Unrestricted Upload of File with Dangerous Type in Apache Struts

🚨🚨 CVE-2024-53677-S2-067 🚨🚨 Security Notice: CVE-2024-53677...

9.8CVSS7.8AI score0.78198EPSS
Exploits15
GithubExploit
GithubExploit
•added 2024/12/17 2:22 a.m.•516 views

Exploit for Unrestricted Upload of File with Dangerous Type in Apache Struts

Source of POC https://y4tacker.github.io/2024/12/16/year/2024/...

9.8CVSS7.5AI score0.78198EPSS
Exploits15
Tenable Nessus
Tenable Nessus
•added 2024/12/16 12:0 a.m.•17 views

Apache Struts 2.0.0 <=> 2.3.37(EOL) / 2.5.0 <=> 2.5.33 / 6.0.0 <=> 6.3.0.2 Remote Code Execution (S2-067)

The version of Apache Struts installed on the remote host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the S2-067 advisory. - File upload logic is flawed vulnerability in Apache Struts. This issue affects Apache Struts: from 2.0.0 before 6.4.0. Users...

9.8CVSS8.6AI score0.78198EPSS
Exploits15References2
GithubExploit
GithubExploit
•added 2024/12/13 5:42 p.m.•733 views

Exploit for Unrestricted Upload of File with Dangerous Type in Apache Struts

🚨🚨 CVE-2024-53677-S2-067🚨🚨 Security Advisory: CVE-2024-53677 –...

9.8CVSS9.8AI score0.78198EPSS
Exploits15
RedhatCVE
RedhatCVE
•added 2024/12/12 8:48 a.m.•30 views

CVE-2024-53677

A flaw was found in Apache Struts. Affected versions of this package are vulnerable to remote code execution RCE via manipulation of the file upload mechanism that enables path traversal. Under certain conditions, uploading a malicious file is possible and may then be executed on the server...

9CVSS7.1AI score0.78198EPSS
Exploits15References4
GithubExploit
GithubExploit
•added 2024/12/12 8:30 a.m.•601 views

Exploit for Unrestricted Upload of File with Dangerous Type in Apache Struts

s2-067-CVE-2024-53677 s2-067CVE-2024-53677 Summary File uplo...

9.8CVSS9.8AI score0.78198EPSS
Exploits15
OpenVAS
OpenVAS
•added 2024/12/12 12:0 a.m.•38 views

Apache Struts Security Update (S2-067)

Apache Struts is prone to a file upload logic vulnerability. SPDX-FileCopyrightText: 2024 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only CPE = "cpe:/a:apache:struts";...

9.8CVSS9.6AI score0.78198EPSS
Exploits15References4
vulnersOsv
vulnersOsv
•added 2024/12/11 6:30 p.m.•6 views

be.objectify:objectify-struts2-tags (=1.0), br.net.woodstock.rockframework:rockframework-struts2 (>=2.0.0 <=2.0.8) +330 more potentially affected by CVE-2024-53677 via org.apache.struts:struts2-core (>=2.0.5 <=6.3.0.2)

org.apache.struts:struts2-core MAVEN version =2.0.5, =2.0.0, =1.2.1, =1.5.3, =1.5.3, =1.2.2, =1.2.2, =1.2.2, =1.2.2, =1.9, =1.2, =1.0, =1.0, =1.0.4 and more Source cves: CVE-2024-53677 Source advisory: OSV:GHSA-43MQ-6XMG-29VM...

9.8CVSS8.1AI score0.78198EPSS
Exploits15
NVD
NVD
•added 2024/12/11 4:15 p.m.•100 views

CVE-2024-53677

File upload logic in Apache Struts is flawed. An attacker can manipulate file upload params to enable paths traversal and under some circumstances this can lead to uploading a malicious file which can be used to perform Remote Code Execution. This issue affects Apache Struts: from 2.0.0 before...

9.8CVSS0.78198EPSS
Exploits15References2
Circl
Circl
•added 2024/12/11 3:43 p.m.•8 views

CVE-2024-53677

creationtimestamp| type| source ---|---|--- 2024-12-11 15:43:00+00:00| seen| https://infosec.exchange/users/cve/statuses/113634953112650669 2024-12-11 17:44:47+00:00| seen| https://t.me/cvedetector/12636 2024-12-11 21:07:18+00:00| seen|...

9.8CVSS7.6AI score0.78198EPSS
Exploits15References73
Vulnrichment
Vulnrichment
•added 2024/12/11 3:35 p.m.•34 views

CVE-2024-53677 Apache Struts: Mixing setters for uploaded files and normal fields can allow bypass file upload checks

File upload logic in Apache Struts is flawed. An attacker can manipulate file upload params to enable paths traversal and under some circumstances this can lead to uploading a malicious file which can be used to perform Remote Code Execution. This issue affects Apache Struts: from 2.0.0 before...

9.5CVSS6.5AI score0.78198EPSS
Exploits15References1
Cvelist
Cvelist
•added 2024/12/11 3:35 p.m.•62 views

CVE-2024-53677 Apache Struts: Mixing setters for uploaded files and normal fields can allow bypass file upload checks

File upload logic in Apache Struts is flawed. An attacker can manipulate file upload params to enable paths traversal and under some circumstances this can lead to uploading a malicious file which can be used to perform Remote Code Execution. This issue affects Apache Struts: from 2.0.0 before...

9.5CVSS0.78198EPSS
Exploits15References1
Rows per page
Query Builder