Apache has released a security bulletin addressing a critical vulnerability in Apache Struts 2. Apache Struts is an open-source model-view-controller (MVC) framework for creating Java web applications.
CVE-2024-53677 is a ‘Unrestricted Upload of File with Dangerous Type’ vulnerability and has a CVSSv4 score of 9.5. This vulnerability exists in the File Upload Interceptor, which allows developers easy access to file upload support. If CVE-2024-53677 is exploited, a remote unauthenticated attacker could traverse system paths, upload malicious files and perform remote code execution (RCE).
Read more…
Source: NHS Digital
Related:
- NSA Advocates Data Sharing Framework
June 23, 2017
The economics of cybersecurity are skewed in favor of attackers, who invest once and can launch thousands of attacks with a piece of malware or exploit kit. That’s why Neal Ziring, technical director for the NSA’s Capabilities Directorate, wants to flip the financial equation on bad guys. “We need to conduct defenses in a way that ...

