Skip to content

2023-095: Critical Vulnerability in Apache Struts - with Mittre TTPs

Table of Contents

On December 7, 2023, The Apache Struts group released an update addressing a critical security vulnerability in Apache Struts. This vulnerability could lead, under some circumstances, to remote code execution.
It is recommended to upgrade to a not vulnerable version as soon as possible.


Apache Struts Security Vulnerability

Apache Struts Security Vulnerability

On December 7, 2023, The Apache Struts group released an update addressing a critical security vulnerability in Apache Struts. This vulnerability could lead, under some circumstances, to remote code execution. It is recommended to upgrade to a not vulnerable version as soon as possible.

Technical Details

The vulnerability, identified as CVE-2023-50164 with a CVSS score of 9.8, may allow an attacker to manipulate file upload parameters to enable path traversal. Under some circumstances this may allow the attacker to upload a malicious file that can be used to perform remote code execution.

Affected Products

This vulnerability affects Apache Struts versions 2.0.0 through 2.5.32 and 6.0.0 through 6.3.0.1.

Recommendations

It is recommended to upgrade to a not vulnerable version as soon as possible.

References


```htmlMITRE ATT&CK Matrix - CVE-2023-50164

MITRE ATT&CK Matrix for CVE-2023-50164

Tactic Technique Sub-Technique Mitigation Potential Attacker Groups
Initial Access T1190 - Exploit Public-Facing Application M1050 - Exploit Protection Not specified in the advisory
T1189 - Drive-by Compromise
T1195 - Supply Chain Compromise
Execution T1203 - Exploitation for Client Execution M1038 - Execution Prevention Not specified in the advisory
T1059 - Command and Scripting Interpreter T1059.001 - PowerShell
T1059.002 - AppleScript
T1059.003 - Windows Command Shell
Privilege Escalation T1068 - Exploitation for Privilege Escalation M1026 - Privileged Account Management Not specified in the advisory
Credential Access T1081 - Credentials in Files M1040 - Behavior Prevention on Endpoint Not specified in the advisory
Discovery T1083 - File and Directory Discovery M1018 - User Account Management Not specified in the advisory
Lateral Movement T1570 - Lateral Tool Transfer M1041 - Network Segmentation Not specified in the advisory
T1563 - Remote Service Session Hijacking
Collection T1005 - Data from Local System M1053 - Data Backup Not specified in the advisory
Command and Control T1071 - Application Layer Protocol M1037 - Filter Network Traffic Not specified in the advisory
Exfiltration T1041 - Exfiltration Over Command and Control Channel M1049 - Antivirus/Antimalware Not specified in the advisory
T1020 - Automated Exfiltration
Impact T1485 - Data Destruction M1031 - Network Intrusion Prevention Not specified in the advisory

Enterprise Layer

  • The critical remote code execution vulnerability in Apache Struts is primarily relevant to the Enterprise Layer of MITRE ATT&CK.

Mobile Layer

  • As Apache Struts is a server-side framework, the Mobile Layer may not be directly applicable. However, if mobile applications interact with a compromised server, it could be a vector for attack.

ICS Layer

  • Industrial Control Systems (ICS) that utilize web services based on Apache Struts may be vulnerable to the same attacks as enterprise systems, although the techniques may be adapted for the specific environment of ICS.

References

``` Please note that the attacker groups were not specified in the advisory, and as such, are not listed in the MITRE ATT&CK matrix above. The proposed mitigation techniques, while generally applicable, would need to be tailored to the specific vulnerability described (CVE-2023-50164).


This post was generated entirely by an AI language model. Source: CERT EU

Latest

Szele Tamás: Navalnij halála

Szele Tamás: Navalnij halála

Ma új fejezet kezdődött Oroszország történetében, aminek az elejét, meglehet, vérrel írják. De ha minden jól megy, a közepétől visszatérnek a tintához.

Members Public