Recherche : [CVE-2023-50164]

7 December 2023 - Apache Struts version 6.3.0.2 General Availability https://struts.apache.org/announce-2023?is=e4f6b16c6de31130985364bb824bcb39ef6b2c4e902e4e553f0ec11bdbefc118#a20231207-1

18/12/2023 11:21:46

7 December 2023 - Apache Struts version 6.3.0.2 General Availability

The Apache Struts group is pleased to announce that Apache Struts version 6.3.0.2 is available as a “General Availability” release. The GA designation is our highest quality grade.

The Apache Struts is an elegant, extensible framework for creating enterprise-ready Java web applications. The framework has been designed to streamline the full development cycle, from building, to deploying, to maintaining applications over time.

This version addresses a potential security vulnerability identified as CVE-2023-50164 and described in S2-066 - please read the mentioned security bulletins for more details. This is a drop-in replacement and upgrade should be straightforward.

CVE-2023-50164 https://attackerkb.com/topics/pe3CCtOE81/cve-2023-50164/rapid7-analysis

15/12/2023 21:27:06

Apache Struts is a popular Java web application framework. On December 7, 2023 Apache published an advisory for CVE-2023-50164, a Struts parameter pollution vu…

Hackers are exploiting critical Apache Struts flaw using public PoC https://www.bleepingcomputer.com/news/security/hackers-are-exploiting-critical-apache-struts-flaw-using-public-poc/

13/12/2023 17:21:24

Hackers are attempting to leverage a recently fixed critical vulnerability (CVE-2023-50164) in Apache Struts that leads to remote code execution, in attacks that rely on publicly available proof-of-concept exploit code.

Liens par page

Filtres