CVE-2023-50164

An attacker can manipulate file upload params to enable paths traversal and under some circumstances this can lead to uploading a malicious file which can be used to perform Remote Code Execution. Users are recommended to upgrade to versions Struts 2.5.33 or Struts 6.3.0.2 or greater to fix this issue.
Configurations

Configuration 1 (hide)

OR cpe:2.3:a:apache:struts:*:*:*:*:*:*:*:*
cpe:2.3:a:apache:struts:*:*:*:*:*:*:*:*

History

20 Dec 2023, 17:58

Type Values Removed Values Added
References () https://security.netapp.com/advisory/ntap-20231214-0010/ - () https://security.netapp.com/advisory/ntap-20231214-0010/ - Third Party Advisory, VDB Entry
References () http://packetstormsecurity.com/files/176157/Struts-S2-066-File-Upload-Remote-Code-Execution.html - () http://packetstormsecurity.com/files/176157/Struts-S2-066-File-Upload-Remote-Code-Execution.html - Third Party Advisory, VDB Entry

14 Dec 2023, 10:15

Type Values Removed Values Added
References
  • () https://security.netapp.com/advisory/ntap-20231214-0010/ -

13 Dec 2023, 17:15

Type Values Removed Values Added
References
  • () http://packetstormsecurity.com/files/176157/Struts-S2-066-File-Upload-Remote-Code-Execution.html -

12 Dec 2023, 17:01

Type Values Removed Values Added
CPE cpe:2.3:a:apache:struts:*:*:*:*:*:*:*:*
CVSS v2 : unknown
v3 : unknown
v2 : unknown
v3 : 9.8
References () https://www.openwall.com/lists/oss-security/2023/12/07/1 - () https://www.openwall.com/lists/oss-security/2023/12/07/1 - Mailing List
References () https://lists.apache.org/thread/yh09b3fkf6vz5d6jdgrlvmg60lfwtqhj - () https://lists.apache.org/thread/yh09b3fkf6vz5d6jdgrlvmg60lfwtqhj - Mailing List, Patch

07 Dec 2023, 21:15

Type Values Removed Values Added
References
  • {'url': 'http://www.openwall.com/lists/oss-security/2023/12/07/1', 'name': 'http://www.openwall.com/lists/oss-security/2023/12/07/1', 'tags': [], 'refsource': ''}
  • () https://www.openwall.com/lists/oss-security/2023/12/07/1 -
Summary An attacker can manipulate file upload params to enable paths traversal and under some circumstances this can lead to uploading a malicious file which can be used to perform Remote Code Execution. Users are recommended to upgrade to versions Struts 2.5.33 or  Struts 6.3.0.1 or greater to fix this issue. An attacker can manipulate file upload params to enable paths traversal and under some circumstances this can lead to uploading a malicious file which can be used to perform Remote Code Execution. Users are recommended to upgrade to versions Struts 2.5.33 or Struts 6.3.0.2 or greater to fix this issue.

07 Dec 2023, 15:15

Type Values Removed Values Added
References
  • () http://www.openwall.com/lists/oss-security/2023/12/07/1 -

07 Dec 2023, 09:15

Type Values Removed Values Added
New CVE

Information

Published : 2023-12-07 09:15

Updated : 2024-02-05 00:22


NVD link : CVE-2023-50164

Mitre link : CVE-2023-50164

CVE.ORG link : CVE-2023-50164


JSON object : View

Products Affected

apache

  • struts
CWE
CWE-552

Files or Directories Accessible to External Parties