smallavarapu
Staff
January 6, 2025

Outbreak alert: Apache Struts 2 RCE Attack

Description

This article describes the detection of the Apache Struts 2 RCE Attack (CVE-2024-53677, CVE-2023-50164).

The Apache Struts 2 RCE Attack (CVE-2024-53677, CVE-2023-50164) allows attackers to manipulate file upload parameters to enable path traversal, potentially leading to the upload of malicious files. This may result in remote code execution, allowing attackers to run arbitrary code, steal data, or compromise entire systems.

Scope

FortiDevSec SCA scanner updated in version 24.4.

Solution

Detection of these vulnerabilities is provided by the FortiDevSec Software Composition Analysis (SCA) scanner.

This technology enables FortiDevSec to assess, with a high level of confidence, whether the application codebase is affected by a specific vulnerability by identifying its open-source software dependencies.
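
A minimal sketch of the kind of dependency check an SCA scan performs, added here as an illustration; it is not FortiDevSec code and does not reflect how FortiDevSec is implemented. It reads a Maven `pom.xml`, finds `org.apache.struts:struts2-core`, resolves `${property}` version references, and compares the declared version against a `fixed_version` that must be taken from the Apache Struts security bulletins; the sample POM and all version numbers below are constructed placeholders, and the function names are hypothetical.

```python
import re
import xml.etree.ElementTree as ET

NS = {"m": "http://maven.apache.org/POM/4.0.0"}

# Constructed sample manifest (not from the article); version set via a property.
SAMPLE_POM = """<project xmlns="http://maven.apache.org/POM/4.0.0">
  <properties><struts2.version>1.2.3</struts2.version></properties>
  <dependencies><dependency>
    <groupId>org.apache.struts</groupId>
    <artifactId>struts2-core</artifactId>
    <version>${struts2.version}</version>
  </dependency></dependencies>
</project>"""

def version_key(v):
    """Numeric tuple for comparison; qualifiers such as -SNAPSHOT are ignored."""
    return tuple(int(p) for p in re.findall(r"\d+", v))

def find_struts(pom_xml):
    """Return declared struts2-core versions, resolving ${property} references."""
    root = ET.fromstring(pom_xml)
    props = {p.tag.split("}")[-1]: (p.text or "").strip()
             for p in root.findall("m:properties/*", NS)}
    found = []
    for dep in root.iterfind(".//m:dependency", NS):
        coords = (dep.findtext("m:groupId", "", NS).strip(),
                  dep.findtext("m:artifactId", "", NS).strip())
        if coords != ("org.apache.struts", "struts2-core"):
            continue
        ver = dep.findtext("m:version", "", NS).strip()
        # Substitute ${name} from <properties>; leave unknown names untouched.
        ver = re.sub(r"\$\{([^}]+)\}",
                     lambda m: props.get(m.group(1), m.group(0)), ver)
        found.append(ver)
    return found

def assess(pom_xml, fixed_version):
    """Map each declared version to 'vulnerable', 'ok' or 'unknown'."""
    out = {}
    for v in find_struts(pom_xml):
        if "${" in v or not version_key(v):
            # Version inherited from a parent POM or unresolved: cannot decide.
            out[v or "(no version declared)"] = "unknown"
        elif version_key(v) < version_key(fixed_version):
            out[v] = "vulnerable"
        else:
            out[v] = "ok"
    return out
```

This covers only versions declared directly in one `pom.xml`; a full SCA scan also resolves transitive dependencies and parent POMs, which is where an "unknown" result here would need follow-up.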

The SCA scanner is enabled by default. Once a scan is performed on an application, the result appears under the Software Composition Analysis tab.

A step-by-step guide on how to scan an application is available in the user guide.

For more details on mitigating the vulnerability with Fortinet products, refer to the Outbreak Alert.