CVERadar

CVE-2024-53677

Severity: High
SVRS: 60/100
CVSSv3: NA/10
EPSS: 0.92171/1

CVE-2024-53677 is a critical file upload vulnerability in Apache Struts that can allow attackers to execute arbitrary code. A flaw in the file upload logic enables path traversal and the upload of malicious files. The SOCRadar Vulnerability Risk Score (SVRS) for CVE-2024-53677 is 60, indicating a moderate level of risk, although active exploits are circulating. The vulnerability affects Apache Struts versions 2.0.0 through 6.3.x; 6.4.0 onward is not affected. Successful exploitation could lead to Remote Code Execution (RCE), allowing attackers to compromise the server. Because the vulnerability is tagged "Exploit Available", it is imperative to upgrade to version 6.4.0, or to migrate to the new file upload mechanism if the application uses FileUploadInterceptor.

In The Wild
Exploit Available
Vendor-advisory
2024-12-11

2025-01-03
SOCRadar AI Insight

Description

CVE-2024-53677 is a newly disclosed vulnerability with a limited description currently available. While the CVSS score is 0, indicating a lack of quantifiable information, the SOCRadar Vulnerability Risk Score (SVRS) stands at 46, suggesting a moderate level of risk. This elevated SVRS score is primarily due to the "In The Wild" and "Exploit Available" tags, indicating that active exploits are being used in real-world attacks.

Key Insights

  • Active Exploitation: The availability of public exploits means that attackers are actively targeting systems with this vulnerability. This signifies a high urgency to address the issue immediately.
  • Limited Information: The absence of a detailed description for CVE-2024-53677 poses a challenge for accurate risk assessment and mitigation. It emphasizes the need to proactively gather more information from reliable sources.
  • Moderate SVRS: The SVRS score, although lower than a critical rating, is a strong indicator of potential risk and necessitates immediate action. It highlights the importance of comprehensive security assessments and vulnerability management practices.

Mitigation Strategies

  • Patching: Prioritize patching affected systems with the latest security updates as soon as they become available.
  • Vulnerability Scanning: Conduct thorough vulnerability scans to identify affected systems and prioritize remediation efforts.
  • Network Segmentation: Implement network segmentation to limit the impact of potential attacks.
  • Threat Intelligence Monitoring: Continuously monitor for new threat intelligence related to CVE-2024-53677 and adapt mitigation strategies accordingly.

Additional Information

For further information or queries regarding this incident, you can utilize the 'Ask to Analyst' feature, contact SOCRadar directly, or open a support ticket for more details if needed.

Indicators of Compromise

Type: IP
Indicator: 169.150.226.162
Date: 2025-01-17

Exploits

Title: TAM-K592/CVE-2024-53677-S2-067
Software Link: https://github.com/TAM-K592/CVE-2024-53677-S2-067
Date: 2024-12-13

Title: XiaomingX/CVE-2024-53677-S2-067
Software Link: https://github.com/XiaomingX/CVE-2024-53677-S2-067
Date: 2024-12-18

Title: SeanRickerd/CVE-2024-53677
Software Link: https://github.com/SeanRickerd/CVE-2024-53677
Date: 2025-01-10

Title: hopsypopsy8/CVE-2024-53677-Exploitation
Software Link: https://github.com/hopsypopsy8/CVE-2024-53677-Exploitation
Date: 2025-02-13

Title: shishirghimir/CVE-2024-53677-Exploit
Software Link: https://github.com/shishirghimir/CVE-2024-53677-Exploit
Date: 2025-02-24

News

ISC StormCast for Friday, December 13th, 2024
Dr. Johannes B. Ullrich, 2024-12-13
Daily 5 min cyber security news summary. News, patches, vulnerabilities and trends in information and network security. Windows 11 and TPM; Azure MFA Bypass; Struts 2 Vuln; Secret Blizzard vs Ukraine. Windows 11 and TPM: https://techcommunity.microsoft.com/blog/windows-itpro-blog/tpm-2-0-%E2%80%93-a-necessity-for-a-secure-and-future-proof-windows-11/4339066 https://www.forbes.com/sites/zakdoffman/2024/12/12/microsoft-warns-400-million-windows-users-do-not-update-your-pc/ Microsoft Azure MFA Bypass: https://www.oasis.security/resources/blog/oasis-security-research-team-discovers-microsoft-azure-mfa-bypass Struts 2 Arbitrary File Upload CVE-2024-53677
Source: sans.edu

23rd December – Threat Intelligence Report
For the latest discoveries in cyber research for the week of 23rd December, please download our Threat Intelligence Bulletin. TOP ATTACKS AND BREACHES: The State of Rhode Island has issued a notification that RIBridges, the state's portal for social services, has suffered a cyber attack and data leak. According to the reports, the breach was […]
Source: checkpoint.com

Daily Summary - 18.12.2024
CERT.at, 2025-02-01
End-of-Day report. Timeframe: Tuesday 17-12-2024 18:00 - Wednesday 18-12-2024 18:00. Handler: Michael Schlagenhaufer. Co-Handler: n/a. News: Critical security hole in Apache Struts under exploit. A critical security hole in Apache Struts 2 [..] CVE-2024-53677 [..] is currently being exploited using publicly available proof-of-concept (PoC) code. https://go.theregister.com/feed/www.theregister.com/2024/12/17/critical_rce_apache_struts/ How to Lose
Source: cert.at

Apache MINA CVE-2024-52046: CVSS 10.0 Flaw Enables RCE via Unsafe Serialization
Ajit Jasrotia, 2024-12-27
The Apache Software Foundation (ASF) has released patches to address a maximum severity vulnerability in the MINA Java network application framework that could result in remote code execution under specific conditions. Tracked as CVE-2024-52046, the vulnerability carries a CVSS score of 10.0. It affects versions 2.0.X, 2.1.X, and 2.2.X. "The ObjectSerializationDecoder in Apache MINA uses […]
Source: allhackernews.com

Weekly Cybersecurity Newsletter: Cyber Attack News, Vulnerabilities & Data Breaches
Guru Baran, 2024-12-22
Welcome to this week's Cyber Security Newsletter, where we explore the latest advancements and important updates in the field of cybersecurity. Your engagement in this swiftly changing digital landscape is crucial, and we strive to offer you the most relevant insights and information. This edition emphasizes emerging threats and the current status of defenses in […]
Source: cybersecuritynews.com

Security Affairs newsletter Round 503 by Pierluigi Paganini – INTERNATIONAL EDITION
Pierluigi Paganini, 2024-12-22
A new round of the weekly SecurityAffairs newsletter arrived! Every week the best security articles from Security Affairs are free in your email box. Enjoy a new round of the weekly SecurityAffairs newsletter, including the international press. BadBox rapidly grows, 190,000 Android devices infected. Romanian national was sentenced to 20 years in prison for his […]
Source: securityaffairs.co

Hacking allegations and antitrust heat. - The CyberWire
2024-12-18
News Content: The U.S. considers a ban on Chinese made routers. More than 200 Cleo managed file-transfer servers remain vulnerable. The Androxgh0st botnet expands. Schneider Electric reports a critical vulnerability in some PLCs. A critical Apache Struts 2 vulnerability is being actively exploited. Malicious campaigns are targeting Chinese-branded IoT devices. A Nebraska-based healthcare insurer discloses a data breach affecting over 225,000 individuals. IntelBroker leaks 2.9GB of data from Cisco's DevHub environment. CISA issues a Binding Operational Directive requiring federal agencies to enhance cloud security. On today's
Source: google.com

Social Media

CVE-2024-53677 By adding another boundary with "Content-Disposition: form-data; name="top.UploadFileName";" I'm able to control where the file gets placed. Took a regular PNG, kept the magic bits and filename but changed the contents to a .jsp web shell and was able to add it https://t.co/OcKx4OahQi

CVE-2024-53677 RCE in Apache Struts Software. Unrestricted upload of a dangerous file and RCE in Apache Struts software is the new critical issue. Hacker can manipulate file upload parameters to enable path traversal, and then he is able to upload a malicious file that can be https://t.co/BAwbxgV8tM

⚠️ Apache Struts RCE – CVE-2024-53677 New path traversal flaw allows unauthenticated attackers to execute commands. If you're testing web apps, this is a must-check vulnerability. 🔗 Read more: https://t.co/w974b5yLaD

5/6 Reality check: A recent Apache Struts vulnerability (CVE-2024-53677) showed how critical EOL events can be. We've identified ~150 major open source EOL events in 2025.

Strutted from @hackthebox_eu showcases CVE-2024-53677, an upload vulnerability in Apache Struts that can lead to RCE. I also go way down a rabbit hole to understand why the tomcat user can't su to another user, even with the proper password. https://t.co/HQkZV5QYna

https://t.co/bCmLYxuRJ9 CVE-2024-53677 and CVE-2023-50164 are vulnerabilities in Apache Struts that could pave the way for remote code execution, or RCE. Learn how to figure out if you're affected, and if so what to do about it

CVE-2024-53677: File upload logic in Apache Struts is flawed. An attacker can manipulate file upload params to enable path traversal, and under some conditions this can lead to uploading a malicious file which can be used to perform Remote Code Execution. PoC https://t.co/kXJh2P9O49 https://t.co/MYOYoHmmao

No, Apache Struts CVE-2024-53677 isn't being "actively exploited" to actually compromise production systems. Stop it. You know better. And if you don't, stop saying words on the internet. There are real threats to prioritize.

Orgs Scramble to Fix Actively Exploited Bug (CVE-2024-53677) in Apache Struts 2 via @DarkReading #Proficio #ThreatNews #Cybersecurity #MSSP #MDR https://t.co/HzV1ki4eHX

⚠️ Heads up, developers! A critical vulnerability (CVE-2024-53677) in Apache Struts is being actively exploited. With a CVSS score of 9.5, it's a serious threat. Ensure your systems are patched and stay vigilant! 🔒 #CyberSecurity #ApacheStruts #InfoSec

Affected Software

No affected software found for this CVE

References

Reference: [email protected]
Link: https://cwiki.apache.org/confluence/display/WW/S2-067

Reference: AF854A3A-2127-422B-91AE-364DA2661108
Link: https://security.netapp.com/advisory/ntap-20250103-0005/

CWE Details

CWE ID: CWE-434
CWE Name: Unrestricted Upload of File with Dangerous Type
Description: The software allows the attacker to upload or transfer files of dangerous types that can be automatically processed within the product's environment.
