FortiNDRCloud
SaaS-based NDR solution providing 365 days of data retention, along with a Technical Success Manager
kcheung
Staff
Article Id 369493
Description

Apache Struts 2 is an open-source web application framework for developing Java web applications.

 

CVE-2023-50164 and CVE-2024-53677 are file upload path traversal vulnerabilities that allow attackers to traverse paths, upload malicious files, and perform remote code execution (RCE).

CVE ID

CVE-2024-53677 (https://nvd.nist.gov/vuln/detail/CVE-2024-53677)
CVE-2023-50164 (https://nvd.nist.gov/vuln/detail/CVE-2023-50164)

NDR Cloud Detection Rule

FortiNDR Cloud v2024.11+

| Detection Rule Name | Category | Primary MITRE ID |
| --- | --- | --- |
| FortiGuard Outbreak Alert: Apache Struts 2 Remote Code Execution - CVE-2024-53677 | Attack:Exploitation | T1190 - Exploit Public-Facing Application |
| FortiGuard Outbreak Alert: CVE-2023-50164 Apache Struts2 File Upload via HTTP POST Request | Attack:Exploitation | T1190 - Exploit Public-Facing Application |

Playbook

N/A

Threat Hunting

FortiNDR Cloud users can use the following IOCs from Fortinet to hunt for activity related to the “Apache Struts 2 RCE Attack”:

IOC source: https://www.fortiguard.com/outbreak-ioc?tag=Apache%20Struts%202%20RCE

All IOCs listed above have been added to Threat Intelligence Intel.

Suricata Coverage

Customers can create custom investigation/detections using the Suricata signatures below:

2058337 -> ET WEB_SPECIFIC_APPS Apache Struts2 Path Traversal Attempt Inbound M1 (CVE-2024-53677)

2049669 -> ET WEB_SPECIFIC_APPS Apache Struts2 Possible uploadFileName Directory Traversal Attempt (CVE-2023-50164) - uploadFileName Parameter M1

2049667 -> ET WEB_SPECIFIC_APPS Apache Struts2 uploadFileName Directory Traversal Attempt (CVE-2023-50164) M1

2058341 -> ET WEB_SPECIFIC_APPS Apache Struts2 Path Traversal Attempt Inbound M2 (CVE-2024-53677)
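
The triage script below is an added example, not part of the original article and not Fortinet code. It assumes alerts from these four signatures are available as Suricata EVE JSON lines (for example from your own sensor), and the sample records are constructed using documentation IP ranges. It groups hits by targeted server so each exposed Struts host can be reviewed once.

```python
import json
from collections import defaultdict

# SID -> CVE, from the signature list in this article.
STRUTS_SIDS = {
    2058337: "CVE-2024-53677",
    2058341: "CVE-2024-53677",
    2049669: "CVE-2023-50164",
    2049667: "CVE-2023-50164",
}

# Constructed sample EVE records (documentation IP ranges), not real telemetry.
SAMPLE_EVE = [
    '{"timestamp":"2024-12-18T10:01:02.000000+0000","event_type":"alert","src_ip":"203.0.113.7","dest_ip":"192.0.2.10","dest_port":8080,"alert":{"signature_id":2058337}}',
    '{"timestamp":"2024-12-18T10:00:30.000000+0000","event_type":"alert","src_ip":"203.0.113.7","dest_ip":"192.0.2.10","dest_port":8080,"alert":{"signature_id":2049667}}',
    '{"timestamp":"2024-12-18T10:05:00.000000+0000","event_type":"alert","src_ip":"198.51.100.23","dest_ip":"192.0.2.20","dest_port":443,"alert":{"signature_id":2058341}}',
    '{"timestamp":"2024-12-18T10:06:00.000000+0000","event_type":"alert","src_ip":"198.51.100.23","dest_ip":"192.0.2.10","dest_port":8080,"alert":{"signature_id":9999999}}',
    '{"timestamp":"2024-12-18T10:07:00.000000+0000","event_type":"http","src_ip":"198.51.100.23","dest_ip":"192.0.2.10","dest_port":8080}',
    '{"timestamp":"2024-12-18T10:08:00.000000+0000","event_type":"alert","src_ip":"203.0',
]


def summarize(lines):
    """Group alerts for the four Struts SIDs by targeted server (dest_ip, dest_port)."""
    hits = defaultdict(lambda: {"count": 0, "cves": set(), "sources": set(), "first_seen": None})
    for line in lines:
        try:
            ev = json.loads(line)
        except json.JSONDecodeError:
            continue  # truncated or partially written line
        if not isinstance(ev, dict) or ev.get("event_type") != "alert":
            continue
        cve = STRUTS_SIDS.get((ev.get("alert") or {}).get("signature_id"))
        if cve is None:
            continue  # alert from an unrelated signature
        h = hits[(ev.get("dest_ip"), ev.get("dest_port"))]
        h["count"] += 1
        h["cves"].add(cve)
        h["sources"].add(ev.get("src_ip"))
        ts = ev.get("timestamp")
        # EVE timestamps from one sensor share a format, so string order is time order.
        if ts and (h["first_seen"] is None or ts < h["first_seen"]):
            h["first_seen"] = ts
    return dict(hits)


if __name__ == "__main__":
    for (ip, port), h in sorted(summarize(SAMPLE_EVE).items()):
        print(f"{ip}:{port} alerts={h['count']} cves={sorted(h['cves'])} "
              f"sources={sorted(h['sources'])} first_seen={h['first_seen']}")
```

A server that appears here should be checked against the affected Struts versions in the NVD entries and reviewed for unexpected files written at or after its first_seen time.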

Other Fortinet Products

For more details regarding mitigating the vulnerability by utilizing Fortinet products, please refer to
https://www.fortiguard.com/outbreak-alert/apache-struts-2-rce
