{"timestamp":"2024-12-16T00:00:00+00:00","id":"CVE-2024-53677","options":[{"exploitation":"poc"},{"automatable":"no"},{"technicalImpact":"total"}],"role":"CISA Coordinator","version":"2.0.3"}

[{"vendor":"Apache Software Foundation","product":"Apache Struts","defaultStatus":"unaffected","collectionURL":"https://repo.maven.apache.org/maven2","packageName":"org.apache.struts:struts2-core","versions":[{"version":"2.0.0","lessThan":"6.4.0","versionType":"semver","status":"affected"}]}]

AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

OR
          *cpe:2.3:a:apache:struts:*:*:*:*:*:*:*:* versions from (including) 2.0.0 up to (excluding) 6.4.0

Apache Software Foundation: https://cwiki.apache.org/confluence/display/WW/S2-067 Types: Third Party Advisory

CVE: https://security.netapp.com/advisory/ntap-20250103-0005/ Types: Third Party Advisory

https://security.netapp.com/advisory/ntap-20250103-0005/

File upload logic is flawed vulnerability in Apache Struts.

This issue affects Apache Struts: from 2.0.0 before 6.4.0.

Users are recommended to upgrade to version 6.4.0 and migrate to the new  file upload mechanism https://struts.apache.org/core-developers/file-upload .

You can find more details in  https://cwiki.apache.org/confluence/display/WW/S2-067

File upload logic in Apache Struts is flawed. An attacker can manipulate file upload params to enable paths traversal and under some circumstances this can lead to uploading a malicious file which can be used to perform Remote Code Execution.

This issue affects Apache Struts: from 2.0.0 before 6.4.0.

Users are recommended to upgrade to version 6.4.0 at least and migrate to the new  file upload mechanism https://struts.apache.org/core-developers/file-upload . If you are not using an old file upload logic based on FileuploadInterceptor your application is safe.

You can find more details in  https://cwiki.apache.org/confluence/display/WW/S2-067

File upload logic is flawed vulnerability in Apache Struts.

This issue affects Apache Struts: from 2.0.0 before 6.4.0.

Users are recommended to upgrade to version 6.4.0 migrate to the new  file upload mechanism https://struts.apache.org/core-developers/file-upload .

You can find more details in  https://cwiki.apache.org/confluence/display/WW/S2-067

File upload logic is flawed vulnerability in Apache Struts.

This issue affects Apache Struts: from 2.0.0 before 6.4.0.

Users are recommended to upgrade to version 6.4.0 and migrate to the new  file upload mechanism https://struts.apache.org/core-developers/file-upload .

You can find more details in  https://cwiki.apache.org/confluence/display/WW/S2-067

File upload logic is flawed vulnerability in Apache Struts.

This issue affects Apache Struts: from 2.0.0 before 6.4.0.

Users are recommended to upgrade to version 6.4.0, which fixes the issue.

You can find more details in  https://cwiki.apache.org/confluence/display/WW/S2-067

File upload logic is flawed vulnerability in Apache Struts.

This issue affects Apache Struts: from 2.0.0 before 6.4.0.

Users are recommended to upgrade to version 6.4.0 migrate to the new  file upload mechanism https://struts.apache.org/core-developers/file-upload .

You can find more details in  https://cwiki.apache.org/confluence/display/WW/S2-067

CWE-434

File upload logic is flawed vulnerability in Apache Struts.

This issue affects Apache Struts: from 2.0.0 before 6.4.0.

Users are recommended to upgrade to version 6.4.0, which fixes the issue.

You can find more details in  https://cwiki.apache.org/confluence/display/WW/S2-067

AV:N/AC:H/AT:P/PR:N/UI:N/VC:H/VI:H/VA:H/SC:H/SI:H/SA:H/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:N/AU:Y/R:A/V:C/RE:L/U:Red

https://cwiki.apache.org/confluence/display/WW/S2-067