
File Upload Vulnerability in Apache Struts version 2024: Implications and Defensive Measures

Apache Struts, a widely used Java web application framework, has been found to have a critical security flaw (CVE-2024-53677), as described in Apache's recent announcement.


Apache Struts, a popular open-source web application framework, has been affected by a critical vulnerability known as CVE-2024-53677. This vulnerability impacts various versions of Apache Struts, including older versions like Struts 2.0.0 through 2.3.37, Struts 2.5.0 through 2.5.33, and more recent versions such as Struts 6.0.0 through 6.3.0.2.
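The affected ranges listed above are easy to get wrong when checked by hand (a dotted version such as 6.3.0.2 does not compare correctly as a string). The following is an added example, not code from the original page, Qualys or Apache: it parses version strings, tests them against the inclusive ranges stated above, and pulls the version out of `struts2-core-<version>.jar` file names as an SCA-style file-system crawl would encounter them. The jar-name pattern and the sample inventory are assumptions constructed for illustration.

```python
"""Check Apache Struts versions against the affected ranges for CVE-2024-53677.

Added example, not code from the original page, Qualys or Apache. The ranges
are the ones stated in the text above; the jar-name pattern and the sample
inventory below are constructed for illustration.
"""
import re
from typing import List, Optional, Tuple

# Inclusive affected ranges, as listed above (lower bound, upper bound).
AFFECTED_RANGES = [
    ("2.0.0", "2.3.37"),
    ("2.5.0", "2.5.33"),
    ("6.0.0", "6.3.0.2"),
]
FIXED_VERSION = "6.4.0"  # first release the text names as carrying the fix

# Assumption: the Struts 2 core library is shipped as struts2-core-<version>.jar;
# any other artefact name is ignored by this scan.
JAR_PATTERN = re.compile(r"^struts2-core-(\d+(?:\.\d+)*)\.jar$", re.IGNORECASE)


def parse_version(version: str) -> Tuple[int, ...]:
    """Turn '6.3.0.2' into (6, 3, 0, 2), zero-padded to at least four
    components so that '2.3.37' and '2.3.37.0' compare equal. A qualifier
    such as '-SNAPSHOT' is ignored; anything else is rejected."""
    match = re.match(r"^(\d+(?:\.\d+)*)(?:-[A-Za-z0-9.]+)?$", version.strip())
    if not match:
        raise ValueError(f"unrecognised version string: {version!r}")
    parts = tuple(int(p) for p in match.group(1).split("."))
    return parts + (0,) * max(0, 4 - len(parts))


def is_affected(version: str) -> bool:
    """True if the version falls inside any of the inclusive affected ranges."""
    v = parse_version(version)
    return any(parse_version(lo) <= v <= parse_version(hi) for lo, hi in AFFECTED_RANGES)


def struts_core_version(path: str) -> Optional[str]:
    """Extract the version from a struts2-core jar path, or None if the file
    is not a Struts core jar."""
    basename = path.replace("\\", "/").rsplit("/", 1)[-1]
    match = JAR_PATTERN.match(basename)
    return match.group(1) if match else None


def scan_inventory(paths: List[str]) -> List[Tuple[str, str, bool]]:
    """Return (path, version, affected) for every Struts core jar found."""
    findings = []
    for path in paths:
        version = struts_core_version(path)
        if version is not None:
            findings.append((path, version, is_affected(version)))
    return findings


# Constructed sample inventory, as a file-system crawl might produce it.
SAMPLE_PATHS = [
    "/opt/app1/WEB-INF/lib/struts2-core-2.5.33.jar",
    "/opt/app2/WEB-INF/lib/struts2-core-6.3.0.2.jar",
    "/opt/app3/WEB-INF/lib/struts2-core-6.4.0.jar",
    "/opt/app3/WEB-INF/lib/commons-io-2.15.1.jar",
]

if __name__ == "__main__":
    for path, version, affected in scan_inventory(SAMPLE_PATHS):
        state = (f"AFFECTED - upgrade to {FIXED_VERSION} or later"
                 if affected else "not in the affected ranges")
        print(f"{path}: struts2-core {version} -> {state}")
```

A version that falls outside the listed ranges is reported as "not in the affected ranges", not as safe: the check only encodes what the advisory summary states, and a vendor signature such as the QID discussed later on this page remains the authoritative test.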

The vulnerability lies in the file upload mechanism of Apache Struts. Attackers can manipulate file upload parameters to enable path traversal, potentially leading to remote code execution. This poses a significant threat to businesses using Apache Struts, as affected systems may be vulnerable to unauthorized actors running arbitrary code, exfiltrating sensitive data, or compromising entire systems.
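The defect class described above, a client-controlled file name used to build a destination path, is shown below as an added example that is not code from the original page, Qualys or Apache Struts: the weak pattern that simply joins the name onto the upload directory sits beside a hardened version that rejects separators and NUL bytes and then verifies that the resolved destination stays inside the upload root. The upload root path, the function names and the sample file names are assumptions constructed for illustration; the actual fix for Struts is the updated file upload mechanism in 6.4.0, not this snippet.

```python
"""Reject upload file names that could escape the upload directory.

Added example, not code from the original page, Qualys or Apache: it shows
the general defect class (a user-controlled file name used in a path)
beside a hardened version. UPLOAD_ROOT and the function names are assumptions.
"""
import os
from pathlib import Path

UPLOAD_ROOT = Path("/var/app/uploads")  # hypothetical upload directory


class UnsafeFilename(ValueError):
    """Raised when a client-supplied file name is rejected."""


def naive_destination(filename: str, root: Path = UPLOAD_ROOT) -> str:
    """The weak pattern: trust the client-supplied name as-is. normpath()
    collapses '..' segments, so a name carrying traversal sequences lands
    outside root."""
    return os.path.normpath(os.path.join(str(root), filename))


def safe_destination(filename: str, root: Path = UPLOAD_ROOT) -> Path:
    """Hardened version: accept a bare file name only, then verify that the
    resolved destination is a direct child of the upload root."""
    if not filename or "\x00" in filename:
        raise UnsafeFilename("empty name or embedded NUL byte")
    # Reject any path separator (POSIX or Windows) and the dot entries
    # outright; a plain file name never legitimately contains them.
    if "/" in filename or "\\" in filename or filename in (".", ".."):
        raise UnsafeFilename(f"path components not allowed: {filename!r}")
    root_resolved = root.resolve()
    destination = (root_resolved / filename).resolve()
    # Defence in depth: even after the checks above, confirm containment.
    if destination.parent != root_resolved:
        raise UnsafeFilename(f"destination escapes upload root: {filename!r}")
    return destination


def accepts(filename: str, root: Path = UPLOAD_ROOT) -> bool:
    """Convenience predicate: True if safe_destination() accepts the name."""
    try:
        safe_destination(filename, root)
        return True
    except UnsafeFilename:
        return False


if __name__ == "__main__":
    # Constructed sample names: one legitimate, the rest traversal attempts.
    for name in ["report.pdf", "../../outside.txt", "..\\outside.txt", "a\x00b.txt"]:
        print(f"{name!r:24} naive -> {naive_destination(name)!s:32} safe -> {accepts(name)}")
```

The containment check after `resolve()` is kept even though the separator check already blocks the obvious cases: it is cheap, and it catches anything the string checks miss, such as a symlink planted inside the upload directory.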

To detect CVE-2024-53677, run a Web Application Scan (WAS) against the applications in scope. For mitigation, Qualys TruRisk Mitigate can help address critical Apache Struts vulnerabilities without applying patches directly, extending beyond traditional patch management.

Both a prompt update to Struts 6.4.0 or later and a migration to the updated file upload mechanism are necessary to mitigate CVE-2024-53677. The migration, however, is not backward compatible and may require rewriting specific actions and interceptors.

Modern software often relies on complex layers of dependencies, including numerous open-source frameworks and libraries. To identify, assess, and manage vulnerabilities within these components, Software Composition Analysis (SCA) is a critical tool. Qualys offers SCA through its Cloud Agent deployment, providing organizations with more sophisticated, in-depth detection capabilities.

QID 152528 - Apache Struts2 Remote Code Execution (RCE) Vulnerability (CVE-2024-53677) is reported when an application contains a vulnerable instance of Apache Struts. For comprehensive visibility into vulnerabilities, Qualys Vulnerability Management, Detection, and Response (VMDR) can be used; VMDR enables rapid response, prioritization, and effective risk mitigation.

Integrating Qualys VMDR with Qualys Patch Management allows for quick remediation of identified vulnerabilities, ensuring a more resilient and secure infrastructure. By coupling proactive detection and remediation strategies, such as Qualys VMDR, Patch Management, Software Composition Analysis, and Qualys TruRisk Mitigate, organizations can effectively manage vulnerabilities and ensure the security and resilience of their application environments.

Qualys has released QIDs to scan environments for the Apache Struts vulnerability; they are available from vulnerability signature version VULNSIGS-2.6.213-2 onward. SCA crawls the entire file system, giving a comprehensive approach to vulnerability detection.

Businesses using Apache Struts are advised to take immediate action to protect their systems from the CVE-2024-53677 vulnerability. By leveraging tools like Qualys, organizations can ensure a more secure and resilient infrastructure.
