

    NetScaler Cyber Threat Intelligence
    • Validation Status: Validated
      Has Video?: No

    CVE-2023-50164: Apache Struts - Files or Directories Accessible to External Parties - (v120 signature update published)

     

    NetScaler CTRI Team

    Last Updated: 12/13/2023

     


     

     

    Description:

     

    A security vulnerability, identified as CVE-2023-50164, has been discovered in Apache Struts, a popular, open-source framework for building Java web applications.

     

    The vulnerability affects the file upload functionality of versions prior to Apache Struts 2.5.33 and Struts 6.3.0.2. The problem stems from how the framework handles the HTTP parameters related to file uploading.

     

    An unauthenticated, remote attacker can manipulate file upload parameters to perform unauthorized path traversal. This could allow the attacker to upload malicious files on the server and potentially execute arbitrary code remotely.

     

    Please follow the guidelines recommended by the vendor in their Security Bulletin.
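
To find which deployments still need the vendor's upgrade, the version boundaries stated above can be checked against an inventory of struts2-core jars. This is an added example, not NetScaler or Apache code: the function names are hypothetical, it assumes jars keep the Maven file name struts2-core-<version>.jar, it compares each version with the fixed release of its own major line (2.x against 2.5.33, 6.x against 6.3.0.2), and the sample list is constructed.

```python
import re
from pathlib import Path

# Fixed releases named in the advisory, keyed by major release line.
FIXED = {2: (2, 5, 33), 6: (6, 3, 0, 2)}

# Assumption: jars keep the Maven artifact name struts2-core-<version>.jar.
JAR_RE = re.compile(r"struts2-core-(\d+(?:\.\d+)*)[^/\\]*\.jar$")


def parse_version(path):
    """Return the version tuple from a struts2-core jar path, or None."""
    m = JAR_RE.search(str(path))
    return tuple(int(p) for p in m.group(1).split(".")) if m else None


def classify(version):
    """Compare a version with the fixed release of its own major line."""
    fixed = FIXED.get(version[0])
    if fixed is None:
        return "unknown"  # the advisory names no fixed release for this line
    width = max(len(version), len(fixed))
    pad = lambda v: v + (0,) * (width - len(v))  # 6.3.0 -> 6.3.0.0
    return "affected" if pad(version) < pad(fixed) else "fixed"


def audit(paths):
    """Map each struts2-core jar path to affected / fixed / unknown."""
    return {str(p): classify(v) for p in paths
            if (v := parse_version(p)) is not None}


def find_jars(root):
    """Collect struts2-core jars under a deployment directory."""
    return sorted(Path(root).rglob("struts2-core-*.jar"))


# Constructed sample inventory, not taken from any real host.
SAMPLE = [
    "/opt/app1/WEB-INF/lib/struts2-core-2.5.32.jar",
    "/opt/app2/WEB-INF/lib/struts2-core-2.5.33.jar",
    "/opt/app3/WEB-INF/lib/struts2-core-6.3.0.jar",
    "/opt/app4/WEB-INF/lib/struts2-core-6.3.0.2.jar",
    "/opt/app4/WEB-INF/lib/commons-fileupload-1.5.jar",
]

if __name__ == "__main__":
    for path, status in audit(SAMPLE).items():
        print(f"{status:8} {path}")
```

A jar that has been renamed or repackaged inside another archive is not seen by the file-name match, so a clean result is a lower bound on exposure.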

     

    NetScaler CTRI:

    The NetScaler CTRI team is actively investigating this issue and will provide an update on the mitigation steps and a WAF signature soon.

     

    Update: Signature v120 published

     

    References: 

    1. https://nvd.nist.gov/vuln/detail/CVE-2023-50164

     

     

