On December 7, 2023, Apache issued a security advisory regarding CVE-2023-50164, a critical vulnerability found in Apache Struts, rated with a CVSS score of 9.8. This flaw affected versions ranging from 2.5.0 to 2.5.32 and 6.0.0 to 6.3.0.
Apache Struts, a widely used open-source framework for developing modern Java web applications across various commercial and open-source projects, has historically been targeted by threat actors. Notably, vulnerabilities in Struts, such as the one in the Equifax breach of 2017, raise substantial concerns due to its extensive use across multiple sectors.
Exploiting this vulnerability lets an attacker manipulate file upload parameters so that the upload path is subject to path traversal. A malicious file can then be written outside the intended upload location, creating a gateway for remote code execution (RCE).
In recent days, numerous exploitation attempts have been observed, all of which were successfully blocked. The majority of these attempts originated from IP addresses in the United States and France. These exploit attempts primarily utilized automated hacking tools coded in the Go programming language, targeting web applications from the United States, Australia, the Netherlands, and New Zealand.
During exploitation attempts, attackers craft specific requests to upload malicious web shells—often in formats like .JSP or .WAR files—to unintended locations using path traversal techniques, enabling access to areas not originally meant for user uploads.
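As a defensive illustration of the upload-path problem described above, here is an added example (not Struts code and not Cyberoon's detection logic) that canonicalizes a client-supplied upload filename, rejects anything that resolves outside the upload root, and flags container-executable extensions such as .jsp and .war. The upload root and sample filenames are constructed for the example.

```python
import posixpath
from urllib.parse import unquote

# Constructed upload root for the example (not a real deployment path).
UPLOAD_ROOT = "/var/app/uploads"

# Extensions a servlet container would execute if they landed under the webapp.
EXECUTABLE_EXTS = {".jsp", ".jspx", ".war", ".jar"}


def resolve_upload_target(filename: str, root: str = UPLOAD_ROOT) -> str:
    """Return the canonical path an upload with this filename would be written to."""
    decoded = unquote(filename)            # undo %2e%2e%2f-style encoding
    decoded = decoded.replace("\\", "/")   # treat backslashes as separators too
    # posixpath.join discards root if `decoded` is absolute, so normpath alone
    # is not enough; the caller must still verify the result stays under root.
    return posixpath.normpath(posixpath.join(root, decoded))


def classify_upload(filename: str, root: str = UPLOAD_ROOT) -> str:
    """Classify a client-supplied upload filename.

    Returns "traversal" if the resolved path escapes the upload root,
    "executable" if it stays inside the root but has an extension the
    container would interpret, and "ok" otherwise.
    """
    target = resolve_upload_target(filename, root)
    root_prefix = root.rstrip("/") + "/"
    if not target.startswith(root_prefix):
        return "traversal"
    ext = posixpath.splitext(target)[1].lower()
    if ext in EXECUTABLE_EXTS:
        return "executable"
    return "ok"


# Constructed sample filenames of the kind seen in multipart upload requests.
SAMPLES = [
    "report.pdf",
    "../../webapps/ROOT/cmd.jsp",
    "..%2F..%2Fwebapps%2FROOT%2Fcmd.jsp",
    "..\\..\\webapps\\ROOT\\cmd.war",
    "/tmp/cmd.jsp",
    "notes.jsp",
]

if __name__ == "__main__":
    for name in SAMPLES:
        print(f"{name!r:45} -> {classify_upload(name)}")
```

The same check belongs in a WAF or proxy rule as a detection, since a filename that only becomes safe after decoding or separator normalization is itself a signal worth alerting on.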
Despite existing protection measures, it's strongly recommended that customers remain vigilant and promptly update their systems with the latest security patches. Cyberoon continues to monitor the situation and will provide updates as new information becomes available.