Apache Struts Security Vulnerability
On December 7, 2023, the Apache Struts group released an update addressing a critical security vulnerability in Apache Struts. Under some circumstances this vulnerability could lead to remote code execution. It is recommended to upgrade to a non-vulnerable version as soon as possible.
Technical Details
The vulnerability, identified as CVE-2023-50164 with a CVSS score of 9.8, may allow an attacker to manipulate file upload parameters to enable path traversal. Under some circumstances this may allow the attacker to upload a malicious file that can be used to perform remote code execution.
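To illustrate the defensive side of the path-traversal risk described above, here is an added example (not Apache Struts code and not the project's fix for this CVE) of how a file-upload handler can reduce a client-supplied file name to a bare base name, record why a name was rewritten or rejected so the attempt can be logged, and confirm that the final destination still lies under the upload directory. The function names, the upload directory and the sample file names are assumptions constructed for this example.

```python
import re
from pathlib import Path
from typing import List, Optional, Tuple

# Both separators are treated as path delimiters: the server must not assume
# the client's platform conventions.
_SEPARATORS = re.compile(r"[\\/]")


def inspect_upload_name(client_filename: str) -> Tuple[Optional[str], List[str]]:
    """Reduce a client-supplied file name to a bare base name.

    Returns (base_name, findings). base_name is None when nothing usable is
    left; findings lists the suspicious properties seen, so the handler can
    log a rewritten or rejected name instead of silently accepting it.
    """
    findings: List[str] = []
    if "\x00" in client_filename:
        # A NUL byte can truncate the name in native code; drop it and record it.
        findings.append("nul-byte")
        client_filename = client_filename.replace("\x00", "")
    parts = _SEPARATORS.split(client_filename)
    if len(parts) > 1:
        findings.append("path-separator")
    if ".." in parts[:-1]:
        findings.append("dot-dot-segment")
    base = parts[-1].strip()
    if base in ("", ".", ".."):
        findings.append("empty-or-dot-name")
        return None, findings
    return base, findings


def safe_upload_path(upload_root: str, client_filename: str) -> Optional[Path]:
    """Return the canonical destination for the upload, or None if it is unsafe.

    The base name from inspect_upload_name() is joined to the upload root and
    the result is resolved (symlinks and '.' / '..' collapsed) before checking
    that it still lies under the root, as a second line of defence.
    """
    base, _findings = inspect_upload_name(client_filename)
    if base is None:
        return None
    root = Path(upload_root).resolve()
    candidate = (root / base).resolve()
    try:
        candidate.relative_to(root)  # raises ValueError if outside the root
    except ValueError:
        return None
    return candidate


if __name__ == "__main__":
    # Constructed sample names, including traversal attempts a handler may see.
    samples = ("report.pdf", "../../webapps/ROOT/x.jsp", "..\\..\\x.jsp", "a/..", "upload.jsp\x00.png")
    for name in samples:
        # The upload root is an assumed path for the example.
        print(repr(name), "->", inspect_upload_name(name), safe_upload_path("/srv/uploads", name))
```

The `findings` list is what makes this useful for detection rather than only for prevention: a handler that sees `dot-dot-segment` or `nul-byte` in an upload name has observed a probe worth logging and alerting on, even though the stored file ends up in the right place.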
Affected Products
This vulnerability affects Apache Struts versions 2.0.0 through 2.5.32 and 6.0.0 through 6.3.0.1.
Recommendations
It is recommended to upgrade to a non-vulnerable version as soon as possible.
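As an added example (not from the advisory or the Apache Struts project), the following script checks version strings against the two affected ranges stated above, inclusive at both ends, and scans dependency lines in the `groupId:artifactId:type[:classifier]:version:scope` shape printed by `mvn dependency:list` for Struts artifacts that fall inside them. The sample dependency listing is constructed for the example; versions with a qualifier such as `-SNAPSHOT` are compared on their numeric prefix, and versions that cannot be parsed are reported as unknown rather than as safe.

```python
import re
from typing import List, Optional, Tuple

# Affected ranges as stated in the advisory above, inclusive at both ends.
AFFECTED_RANGES = (("2.0.0", "2.5.32"), ("6.0.0", "6.3.0.1"))

_NUMERIC_PREFIX = re.compile(r"^(\d+(?:\.\d+)*)")


def parse_version(version: str) -> Tuple[int, ...]:
    """Parse the dotted numeric prefix of a version string into a tuple.

    '6.3.0.1' -> (6, 3, 0, 1); '6.0.0-SNAPSHOT' -> (6, 0, 0). A string without
    a numeric prefix raises ValueError rather than being guessed at.
    """
    m = _NUMERIC_PREFIX.match(version.strip())
    if not m:
        raise ValueError(f"unrecognised version string: {version!r}")
    return tuple(int(part) for part in m.group(1).split("."))


def _padded(v: Tuple[int, ...], width: int = 4) -> Tuple[int, ...]:
    # Pad with zeros so that '2.5.32' and '2.5.32.0' compare equal.
    return v + (0,) * (width - len(v))


def is_affected(version: str) -> bool:
    """True if the version lies inside one of the affected ranges."""
    v = _padded(parse_version(version))
    return any(
        _padded(parse_version(low)) <= v <= _padded(parse_version(high))
        for low, high in AFFECTED_RANGES
    )


def scan_dependency_list(text: str) -> List[Tuple[str, str, Optional[bool]]]:
    """Flag Struts artifacts in 'groupId:artifactId:type[:classifier]:version:scope' lines.

    Returns (artifactId, version, affected) for each org.apache.struts line;
    affected is None when the version could not be parsed, so an unknown
    version is never reported as safe.
    """
    results: List[Tuple[str, str, Optional[bool]]] = []
    for line in text.splitlines():
        parts = line.replace("[INFO]", "").strip().split(":")
        if len(parts) < 5 or parts[0] != "org.apache.struts":
            continue
        artifact, version = parts[1], parts[-2]
        try:
            results.append((artifact, version, is_affected(version)))
        except ValueError:
            results.append((artifact, version, None))
    return results


# Constructed sample in the shape printed by `mvn dependency:list`; the
# artifact versions are chosen for the example, not taken from a real build.
SAMPLE_DEPENDENCY_LIST = """\
[INFO] The following files have been resolved:
[INFO]    org.apache.struts:struts2-core:jar:2.5.30:compile
[INFO]    org.apache.struts:struts2-convention-plugin:jar:6.3.0.1:compile
[INFO]    org.apache.struts:struts2-core:jar:6.4.0:compile
[INFO]    org.apache.struts:struts2-rest-plugin:jar:unknown:compile
[INFO]    com.opensymphony:xwork-core:jar:2.3.37:compile
"""

if __name__ == "__main__":
    for artifact, version, affected in scan_dependency_list(SAMPLE_DEPENDENCY_LIST):
        status = {True: "AFFECTED", False: "not affected", None: "unknown version"}[affected]
        print(f"{artifact} {version}: {status}")
```

Zero-padding before comparison matters because the 6.x range ends on a four-component version (6.3.0.1): without it a three-component string such as 2.5.32 would sort below 2.5.32.0 and an inclusive upper bound would be applied inconsistently across the two ranges.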
References
- [1] https://www.helpnetsecurity.com/2023/12/08/cve-2023-50164/
- [2] https://cwiki.apache.org/confluence/display/WW/S2-066
- [3] https://www.tenable.com/cve/CVE-2023-50164
MITRE ATT&CK Matrix for CVE-2023-50164

| Tactic | Technique | Sub-Technique | Mitigation | Potential Attacker Groups |
|---|---|---|---|---|
| Initial Access | T1190 - Exploit Public-Facing Application | | M1050 - Exploit Protection | Not specified in the advisory |
| Initial Access | T1189 - Drive-by Compromise | | | |
| Initial Access | T1195 - Supply Chain Compromise | | | |
| Execution | T1203 - Exploitation for Client Execution | | M1038 - Execution Prevention | Not specified in the advisory |
| Execution | T1059 - Command and Scripting Interpreter | T1059.001 - PowerShell; T1059.002 - AppleScript; T1059.003 - Windows Command Shell | | |
| Privilege Escalation | T1068 - Exploitation for Privilege Escalation | | M1026 - Privileged Account Management | Not specified in the advisory |
| Credential Access | T1081 - Credentials in Files | | M1040 - Behavior Prevention on Endpoint | Not specified in the advisory |
| Discovery | T1083 - File and Directory Discovery | | M1018 - User Account Management | Not specified in the advisory |
| Lateral Movement | T1570 - Lateral Tool Transfer | | M1041 - Network Segmentation | Not specified in the advisory |
| Lateral Movement | T1563 - Remote Service Session Hijacking | | | |
| Collection | T1005 - Data from Local System | | M1053 - Data Backup | Not specified in the advisory |
| Command and Control | T1071 - Application Layer Protocol | | M1037 - Filter Network Traffic | Not specified in the advisory |
| Exfiltration | T1041 - Exfiltration Over Command and Control Channel | | M1049 - Antivirus/Antimalware | Not specified in the advisory |
| Exfiltration | T1020 - Automated Exfiltration | | | |
| Impact | T1485 - Data Destruction | | M1031 - Network Intrusion Prevention | Not specified in the advisory |

Enterprise Layer
- The critical remote code execution vulnerability in Apache Struts is primarily relevant to the Enterprise Layer of MITRE ATT&CK.
Mobile Layer
- As Apache Struts is a server-side framework, the Mobile Layer may not be directly applicable. However, if mobile applications interact with a compromised server, it could be a vector for attack.
ICS Layer
- Industrial Control Systems (ICS) that utilize web services based on Apache Struts may be vulnerable to the same attacks as enterprise systems, although the techniques may be adapted for the specific environment of ICS.

Please note that the attacker groups were not specified in the advisory and are therefore not listed in the MITRE ATT&CK matrix above. The proposed mitigation techniques, while generally applicable, would need to be tailored to the specific vulnerability described (CVE-2023-50164).
This post was generated entirely by an AI language model. Source: CERT EU