Apache Struts Exposes Government Network Access

Critical vulnerability in Apache Struts 2 being actively exploited by attackers

Apache Struts, an open-source framework for building Java web applications, is affected by a critical security flaw that attackers are actively exploiting against vulnerable servers using publicly available exploit code.

Apache Struts is widely deployed in public-facing applications run by government agencies, e-commerce platforms, financial institutions, and airlines, which makes a framework-level flaw attractive to attackers.

Apache recently disclosed CVE-2024-53677 (CVSS 9.5), a flaw in the file upload logic of Apache Struts 2.0.0 through 2.3.37 (end of life), 2.5.0 through 2.5.33, and 6.0.0 through 6.3.0.2. According to Apache's security bulletin, the legacy upload handling is vulnerable to path traversal: an attacker can manipulate file upload parameters so that an uploaded file is written outside the directory the application intended.

Because the attacker controls where the uploaded file lands, the flaw can be used to place a malicious file, such as a server-side script, in a location where the application will serve or execute it, which Apache's bulletin notes can lead to remote code execution. The bulletin advises upgrading to Struts 6.4.0 or later and migrating to the new Action File Upload mechanism; applications that do not use the old FileUploadInterceptor-based upload logic are not affected, but upgrading alone without the migration leaves the vulnerable code path in use.
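To make the class of bug concrete, the following is an added illustration written for this article; it is not Struts code and does not reproduce the CVE-2024-53677 exploit. It shows the check a Java application should apply to any client-supplied upload filename: refuse names carrying separators, NUL bytes or `..` segments, and then confirm the normalized destination still lies inside the upload directory. The `UploadPathCheck` class, the `/var/app/uploads` directory and the sample filenames are all hypothetical.

```java
import java.nio.file.InvalidPathException;
import java.nio.file.Path;
import java.nio.file.Paths;

// Illustrative example only: confine an uploaded file's destination to one
// directory. This is not Struts' own FileUploadInterceptor logic.
public final class UploadPathCheck {

    /** Thrown when a client-supplied filename would escape the upload directory. */
    public static final class UnsafeFileNameException extends RuntimeException {
        UnsafeFileNameException(String msg) { super(msg); }
    }

    /**
     * Return the path the upload may be written to, or throw.
     * uploadDir is an absolute directory the application owns (hypothetical here).
     */
    public static Path resolveUploadTarget(Path uploadDir, String clientFileName) {
        if (clientFileName == null || clientFileName.isEmpty()) {
            throw new UnsafeFileNameException("empty filename");
        }
        // A browser sends a bare name. Separators, NUL bytes or ".." in what the
        // client sent are not something to "clean up"; reject the request outright.
        // (This deliberately also rejects odd but harmless names like "a..b.txt".)
        if (clientFileName.indexOf('/') >= 0 || clientFileName.indexOf('\\') >= 0
                || clientFileName.indexOf('\0') >= 0 || clientFileName.contains("..")) {
            throw new UnsafeFileNameException("separators or '..' in filename: " + clientFileName);
        }
        Path base = uploadDir.toAbsolutePath().normalize();
        Path target;
        try {
            target = base.resolve(clientFileName).normalize();
        } catch (InvalidPathException e) {
            throw new UnsafeFileNameException("invalid filename: " + clientFileName);
        }
        // Defence in depth: even after the string checks, require the normalized
        // result to stay strictly inside the upload directory.
        if (!target.startsWith(base) || target.equals(base)) {
            throw new UnsafeFileNameException("filename escapes upload directory: " + clientFileName);
        }
        return target;
    }

    public static void main(String[] args) {
        Path uploadDir = Paths.get("/var/app/uploads"); // hypothetical upload directory
        // Constructed sample filenames: one legitimate, three traversal attempts.
        String[] samples = {
            "report.pdf",                        // legitimate bare name
            "../../webapps/ROOT/shell.jsp",      // traversal toward the web root
            "..\\..\\webapps\\ROOT\\shell.jsp",  // Windows-style separators
            "shell.jsp\0.png"                    // NUL byte to defeat extension checks
        };
        for (String name : samples) {
            try {
                System.out.println("ACCEPT " + resolveUploadTarget(uploadDir, name));
            } catch (UnsafeFileNameException e) {
                System.out.println("REJECT " + e.getMessage());
            }
        }
    }
}
```

Note that the final `startsWith` test is the check that matters in a path traversal bug: sanitizing the string alone is fragile against encoding tricks, whereas comparing the normalized absolute destination against the allowed base directory catches any escape regardless of how it was spelled.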
