A Vulnerability in Apache Struts 2 Could Allow for Remote Code Execution | allinfosecnews.com

Dec. 11, 2023, 4:16 p.m. |

Center for Internet Security - Multi-State Information Sharing and Analysis Center www.cisecurity.org

A vulnerability has been discovered in Apache Struts 2, which could allow for remote code execution. Apache Struts 2 is an open-source web application framework for developing Java EE web applications. Successful exploitation could allow for remote code execution in the context of underlying operating system. Depending on the privileges associated with the logged on user, an attacker could then install programs; view, change, or delete data. Users whose accounts are configured to have fewer user rights on the system …

apache apache struts application applications code code execution context exploitation framework java operating system remote code remote code execution struts struts 2 system vulnerability web web application web applications

More from www.cisecurity.org / Center for Internet Security - Multi-State Information Sharing and Analysis Center

A Vulnerability in SolarWinds Serv-U Could Allow for Path Transversal 2 days, 7 hours ago | www.cisecurity.org

can disclosure enterprise file +20

Multiple Vulnerabilities in PHP Could Allow for Remote Code Execution 2 days, 9 hours ago | www.cisecurity.org

account applications code code execution +14

Multiple Vulnerabilities in Progress Telerik Report Server Could Allow for Remote Code Execution 5 days, 7 hours ago | www.cisecurity.org

application business business intelligence centralized management +16

A Vulnerability in Check Point Security Gateways Could Allow for Credential Access 1 week, 2 days ago | www.cisecurity.org

access block check check point +16

Multiple Vulnerabilities in Google Chrome Could Allow for Arbitrary Code Execution 1 week, 2 days ago | www.cisecurity.org

arbitrary code arbitrary code execution chrome code +7

Multiple Vulnerabilities in LenelS2 NetBox Could Allow for Arbitrary Code Execution 1 week, 3 days ago | www.cisecurity.org

access access control arbitrary code arbitrary code execution +14

Multiple Vulnerabilities in Fortinet FortiSIEM Could Allow for Remote Code Execution 1 week, 4 days ago | www.cisecurity.org

analysis awareness code code execution +17

A Vulnerability in Google Chrome Could Allow for Arbitrary Code Execution 2 weeks, 2 days ago | www.cisecurity.org

access arbitrary code arbitrary code execution browser +12

A Vulnerability in GitHub Enterprise Server (GHES) Could Allow for Authentication Bypass 2 weeks, 3 days ago | www.cisecurity.org

applications authentication authentication bypass automate +23

CyberSOC Technical Lead

@ Integrity360 | Sandyford, Dublin, Ireland

View on infosec-jobs.com

Cyber Security Strategy Consultant

@ Capco | New York City

View on infosec-jobs.com

Cyber Security Senior Consultant

@ Capco | Chicago, IL

View on infosec-jobs.com

Senior Security Researcher - Linux MacOS EDR (Cortex)

@ Palo Alto Networks | Tel Aviv-Yafo, Israel

View on infosec-jobs.com

Sr. Manager, NetSec GTM Programs

@ Palo Alto Networks | Santa Clara, CA, United States

View on infosec-jobs.com

SOC Analyst I

@ Fortress Security Risk Management | Cleveland, OH, United States

View on infosec-jobs.com