all InfoSec news logo
all InfoSec news - Your InfoSec news aggregator
Log in Sign up
all InfoSec news

Apache Fixes Critical Struts Flaw

Add to bookmarks
Dec. 8, 2023, 8:05 p.m. | MalBot

Malware Analysis, News and Indicators - Latest topics malware.news

There is a critical vulnerability in several versions of the Apache Struts framework that can allow an attacker to upload a malicious file and potentially gain remote code execution.


The flaw (CVE-2023-50164) affects versions 2.5.0-2.5.32 and 6.0.0-6.3.0, and the Apache Software Foundation has released updates to fix the bug. The issue is related to the way that Stuts handles file uploads in some circumstances.


“An attacker can manipulate file upload params to enable paths traversal and under some circumstances this …

apache apache software foundation apache struts attacker bug code code execution critical critical vulnerability cve file fix fixes flaw foundation framework issue malicious remote code remote code execution software struts updates upload vulnerability

Visit resource

More from malware.news / Malware Analysis, News and Indicators - Latest topics

You get a passkey, you get a passkey, everyone should get a passkey 52 minutes ago | malware.news
accounts can consumer cracked +10
Attackers evade detection by leveraging Microsoft Graph API 57 minutes ago | malware.news
api article attackers cloud +15
Weird Al, Docker, OT, Gitlab, Credit Monitoring, Dropbox, Cisco, AI, Aaran Leyland... - SWN #383 an hour ago | malware.news
article cisco credit credit monitoring +8
Code faster with generative AI, but beware the risks when you do an hour ago | malware.news
article can code coding +13
Proposed Bill Focuses on Voluntary AI Security Incident Reporting 2 hours ago | malware.news
ai security bill companies cybersecurity +21
The impact of automating open source dependency management 2 hours ago | malware.news
article business consuming customer +12
Diffusione di malware Keylogger tramite falsa pagina di Agenzia delle Entrate – PuntoFisco 3 hours ago | malware.news
agenzia delle entrate article cert con +5
Stronger cybersecurity aimed by Menlo Security, Google Cloud collaboration 5 hours ago | malware.news
article cloud collaboration customers +13
Mounting global ransomware attacks significantly impact US 6 hours ago | malware.news
article attacks avril haines director +12

Jobs in InfoSec / Cybersecurity

Post a job on infosec-jobs.com Find talent on infosec-jobs.com

Financial Crimes Compliance - Senior - Consulting - Location Open

@ EY | New York City, US, 10001-8604
View on infosec-jobs.com

Software Engineer - Cloud Security

@ Neo4j | Malmö
View on infosec-jobs.com

Security Consultant

@ LRQA | Singapore, Singapore, SG, 119963
View on infosec-jobs.com

Identity Governance Consultant

@ Allianz | Sydney, NSW, AU, 2000
View on infosec-jobs.com

Educator, Cybersecurity

@ Brain Station | Toronto
View on infosec-jobs.com

Principal Security Engineer

@ Hippocratic AI | Palo Alto
View on infosec-jobs.com
View more jobs