Patch now! Attackers exploit critical security vulnerability in Apache Struts

The upload function of Apache Struts is faulty and attackers can upload malicious code. Security researchers warn of attacks.


Attackers are currently targeting the open source framework Apache Struts. Admins should install the secured version immediately. After a successful attack, malicious code gets onto systems and compromises them.

In a warning message, the developers state that they have closed the "critical" vulnerability (CVE-2024-53677) in Apache Struts 6.4.0. According to the developers, attackers can manipulate upload parameters in other versions in order to upload and execute malicious code via a path traversal attack.


This is no longer theoretical: a security researcher at the Internet Storm Center warns of ongoing attacks. Similar attacks already occurred at the end of 2023 (CVE-2023-50164, "critical"). Obviously, the patch was not sufficient back then.
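For admins acting on this warning, an added example (not from the article's author or the Apache Struts project) that inventories `struts2-core` jars under a deployment directory and flags any whose version sorts below 6.4.0, the release named above. It assumes the Maven artifact file name `struts2-core-<version>.jar` and a `sort` that supports `-V`; the function names and the path in the usage comment are illustrative.

```shell
#!/bin/sh
# Added example: list struts2-core jars and flag versions below 6.4.0,
# the release the article names as closing CVE-2024-53677.
FIXED="6.4.0"

# Return 0 when version $1 sorts strictly below version $2 (needs sort -V).
version_lt() {
    [ "$1" != "$2" ] &&
    [ "$(printf '%s\n%s\n' "$1" "$2" | sort -V | head -n 1)" = "$1" ]
}

# Print the version embedded in a struts2-core-<version>.jar file name.
jar_version() {
    basename "$1" | sed -n 's/^struts2-core-\([0-9][0-9A-Za-z.+-]*\)\.jar$/\1/p'
}

# Print "STATUS<TAB>version<TAB>location" for one jar path.
# $2 optionally overrides the location shown (used for archive entries).
classify() {
    ver=$(jar_version "$1")
    [ -n "$ver" ] || return 0
    if version_lt "$ver" "$FIXED"; then status="OUTDATED"; else status="OK"; fi
    printf '%s\t%s\t%s\n' "$status" "$ver" "${2:-$1}"
}

# Scan a directory tree: loose jars, plus jars packed inside .war/.ear
# archives when unzip is available.
scan_struts() {
    root=$1
    find "$root" -type f -name 'struts2-core-*.jar' | while IFS= read -r jar; do
        classify "$jar"
    done
    command -v unzip >/dev/null 2>&1 || return 0
    find "$root" -type f \( -name '*.war' -o -name '*.ear' \) |
    while IFS= read -r arc; do
        unzip -Z1 "$arc" 2>/dev/null | grep '/struts2-core-[^/]*\.jar$' |
        while IFS= read -r entry; do
            classify "$entry" "$arc!$entry"
        done
    done
}

# Usage (example path): scan_struts /opt/tomcat/webapps | grep '^OUTDATED'
```

A file name match only shows which release is deployed; shaded or renamed jars will not be found this way.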

(des)


This article was originally published in German. It was translated with technical assistance and editorially reviewed before publication.