Welcome to our Cyber Security News Aggregator.

Cyber Tzar provide a cyber security risk management platform; including automated penetration tests and risk assessments culminating in a "cyber risk score" out of 1,000, just like a credit score.

Exploit attempts inspired by recent Struts2 File Upload Vulnerability (CVE-2024-53677, CVE-2023-50164), (Sun, Dec 15th)

published on 2024-12-15 18:02:44 UTC by
Content:
Last week, Apache announced a vulnerability in Struts2 [1]. The path traversal vulnerability scored 9.5 on the CVSS scale. If exploited, the vulnerability allows file uploads into otherwise restricted directories, which may lead to remote code execution if a webshell is uploaded and exposed in the web root. I call the exploit attempts below "inspired" by this vulnerability. There are at least two vulnerabilities that could be targeted. I do not have a vulnerable system to test if the exploit will work.
https://isc.sans.edu/diary/rss/31520   
Published: 2024 12 15 18:02:44
Received: 2024 12 15 19:34:14
Feed: SANS Internet Storm Center, InfoCON: green
Source: SANS Internet Storm Center, InfoCON: green
Category: Alerts
Topic: Vulnerabilities