all InfoSec news
Apache Struts2 Remote Code Execution Vulnerability (CVE-2023-50164)
Dec. 20, 2023, 1:30 a.m. |
FortiGuard Labs | FortiGuard Center - Threat Signal Report fortiguard.fortinet.com
A remote attacker can manipulate the file upload parameters on the Apache Struts to enable path traversal and upload a malicious file. That can lead to perform remote code execution and complete control of the system. Apache Struts is an open-source and widely adopted framework for developing Java-based web applications.
What is the Vendor Solution?
Users and administrators are encouraged to review the Apache Security Bulletin and upgrade to Struts 2.5.33 or Struts 6.3.0.2 or higher. …
apache apache struts apache struts2 attacker code code execution control cve cve-2023-50164 enable file file upload framework java malicious path path traversal remote code remote code execution struts struts2 system upload vulnerability web what is
More from fortiguard.fortinet.com / FortiGuard Labs | FortiGuard Center - Threat Signal Report
Tinyproxy use-after-free Vulnerability (CVE-2023-49606)
1 week, 2 days ago |
fortiguard.fortinet.com
Jobs in InfoSec / Cybersecurity
Information Security Engineers
@ D. E. Shaw Research | New York City
Technology Security Analyst
@ Halton Region | Oakville, Ontario, Canada
Senior Cyber Security Analyst
@ Valley Water | San Jose, CA
Security Operations Manager-West Coast
@ The Walt Disney Company | USA - CA - 2500 Broadway Street
Vulnerability Analyst - Remote (WFH)
@ Cognitive Medical Systems | Phoenix, AZ, US | Oak Ridge, TN, US | Austin, TX, US | Oregon, US | Austin, TX, US
Senior Mainframe Security Administrator
@ Danske Bank | Copenhagen V, Denmark