POC code for Apache Struts 2 is already on network: sharp surge of harmful activity was not long in coming

Apache Struts Vulnerability Exploitation Attempts Increase

Earlier this week, we highlighted the vulnerability CVE-2023-50164
in Apache Struts 2. Despite prompt action from developers who released the necessary correction,
the spread of attacks has not been fully contained.

Yesterday, security researchers from Shadowserver noted
an increasing number of attempts to exploit the CVE-2023-50164 vulnerability
using publicly available proof-of-concept (POC) code published.

The vulnerability affects various versions of Apache Struts, including 2.0.0 to 2.5.32
and 6.0.0 to 6.3.0.1. The Apache team strongly advises web developers using this framework
to update to the latest versions that have already addressed this security flaw.

If left unpatched, successful exploitation of the vulnerability could result in unauthorized access
to web servers, manipulation or theft of sensitive data, disruptions to critical services,
and lateral movement within compromised networks.

Meanwhile, Cisco has also taken notice of the situation and issued a security bulletin.
Cisco is currently investigating the impact of CVE-2023-50164 on its products that utilize Apache Struts,
analyzing the potential consequences of this security flaw.

A comprehensive list of Cisco products that may be vulnerable can be found in the provided bulletin,
which will be regularly updated as additional information becomes available.

/Reports, release notes, official announcements.