all InfoSec news logo
all InfoSec news - Your InfoSec news aggregator
Log in Sign up
all InfoSec news

Understanding the Impact of the new Apache Struts File Upload Vulnerability

Add to bookmarks
Dec. 12, 2023, 9:08 p.m. | Nathan Sportsman

Blog - Praetorian www.praetorian.com

Introduction Recently researcher Steven Seeley discovered a way to abuse the popular Apache Struts frameworks’ file upload functionality to achieve remote code execution. This bug, known as CVE-2023-50164, has been assigned a 9.8 CVSS score. No doubt this is causing some security practitioners to have flashbacks of the “good times” that a serious Struts bug […]


The post Understanding the Impact of the new Apache Struts File Upload Vulnerability appeared first on Praetorian.

abuse apache apache struts bug code code execution cve cvss cvss score file file upload frameworks good impact introduction popular remote code remote code execution researcher score security security practitioners struts understanding upload vulnerability vulnerability research

Visit resource

More from www.praetorian.com / Blog - Praetorian

Local Privilege Escalation Vulnerability in Ant Media Server (CVE-2024-32656) 14 hours ago | www.praetorian.com
ant application customers cve +21
MeshCentral Cross-Site Websocket Hijacking Vulnerability (CVE-2024-26135) 1 month, 4 weeks ago | www.praetorian.com
article can cross-site cswsh +17
Exploiting Kubernetes through Operator Injection 2 months, 1 week ago | www.praetorian.com
application applications attack attackers +20
Relution Remote Code Execution via Java Deserialization Vulnerability 2 months, 3 weeks ago | www.praetorian.com
application article can clients +26
Protected: Tensorflow Supply Chain Compromise via Self-Hosted Runner Attack 3 months, 1 week ago | www.praetorian.com
attack cd security ci compromise +5
Understanding the Impact of the new Apache Struts File Upload Vulnerability 4 months, 2 weeks ago | www.praetorian.com
abuse apache apache struts bug +23
SonicWall WXA – Authentication Bypass and Remote Code Execution Vulnerability 4 months, 2 weeks ago | www.praetorian.com
authentication authentication bypass bypass code +19
Analyzing the SonicWall Custom Grub LUKS Encryption Modifications 4 months, 3 weeks ago | www.praetorian.com
analysis application code code execution +17
Why Azure B2C ROPC Custom Flows Are Inherently Insecure 4 months, 4 weeks ago | www.praetorian.com
active directory administrators api authentication +23

Jobs in InfoSec / Cybersecurity

Post a job on infosec-jobs.com Find talent on infosec-jobs.com

SOC 2 Manager, Audit and Certification

@ Deloitte | US and CA Multiple Locations
View on infosec-jobs.com

Data & Security Engineer Lead

@ LiquidX | Singapore, Central Singapore, Singapore
View on infosec-jobs.com

IT and Cyber Risk Control Lead

@ GXS Bank | Singapore - OneNorth
View on infosec-jobs.com

Consultant Senior en Gestion de Crise Cyber et Continuité d’Activité H/F

@ Hifield | Sèvres, France
View on infosec-jobs.com

Cyber Security Analyst (Weekend 1st Shift)

@ Fortress Security Risk Management | Cleveland, OH, United States
View on infosec-jobs.com

Senior Manager, Cybersecurity

@ BlueTriton Brands | Stamford, CT, US
View on infosec-jobs.com
View more jobs