Voyager18 (research)

CVE-2024-53677: Critical RCE vulnerability in Apache Struts 2 - what you need to know

Apache Struts 2, a widely used Java framework for building web applications, has been hit with a critical remote code execution (RCE) vulnerability, tracked as CVE-2024-53677. With a severity score reaching 9.8 on the CVSSv3 scale, this flaw allows attackers to execute arbitrary code without requiring privileges, potentially leading to severe breaches. This blog post dives into what CVE-2024-53677 is, whether it affects you, its exploitation status, and how to address it effectively.

Yair Divinsky | December 15, 2024


TL;DR

Affected products: Apache Struts 2.0.0 through 6.3.0.2 (all versions before 6.4.0)
Product category: Web Application Security
Severity: Critical (CVSSv3 score: 9.8, CVSSv4 score: 9.5)
Type: Path traversal
Impact:
  • System compromise through remote code execution
  • Confidentiality, integrity, availability
PoC: Link
Exploit in the wild: No
CISA Catalog:
Remediation action:
  • Upgrade to Apache Struts 6.4.0 or later
  • Migrate from the File Upload Interceptor to the Action File Upload Interceptor
  • Apply patches and monitor systems for suspicious activity
MITRE advisory: Link


What is CVE-2024-53677?

CVE-2024-53677 is a file upload vulnerability in Apache Struts 2 rooted in a path traversal flaw in the deprecated File Upload Interceptor component. By manipulating file upload parameters, an attacker can traverse directories and place a malicious file outside the intended upload location. Under specific conditions, such a file can then be executed, resulting in remote code execution and control over the vulnerable system.

According to Apache’s advisory, affected versions include: 

  • Struts 2.0.0 – Struts 2.3.37 (end-of-life versions)
  • Struts 2.5.0 – Struts 2.5.33
  • Struts 6.0.0 – Struts 6.3.0.2 

Applications that do not use the File Upload Interceptor component are not affected. As of version 6.4.0, Apache deprecated and replaced this component with the Action File Upload Interceptor, significantly improving security, configuration, and integration capabilities. Users are strongly advised to migrate to this new mechanism to mitigate risk. 


Does CVE-2024-53677 affect me?

Organizations using Java-based applications built with Apache Struts 2 are at risk if their versions fall within the affected ranges and rely on the vulnerable File Upload Interceptor component. Commonly affected sectors include government, financial services, and telecommunications, where Struts 2 continues to see substantial usage despite the availability of alternative frameworks. 

To determine your risk: 

  • Identify your version – Audit all Java applications using Apache Struts 2 and check their versions.
  • Assess component usage – Verify whether the File Upload Interceptor component is implemented.
  • Monitor for activity – Investigate logs for suspicious activity, especially related to file uploads.
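One way to carry out the first two checks in script form (it also serves the "assess your environment" step of the fix list further down). This is an added example, not code from the original post or from the Apache Struts project. It assumes the application ships a struts2-core-<version>.jar under WEB-INF/lib together with a struts.xml, uses the affected ranges quoted from Apache's advisory, and treats a reference to defaultStack as use of the interceptor because the bundled default stack in the affected releases includes fileUpload (my assumption about those releases' struts-default.xml; verify against the JAR you actually deploy). The sample JAR names and struts.xml are constructed.

```python
"""Exposure check for CVE-2024-53677 in a deployed Struts 2 application.

Added example, not code from the original post or the Apache Struts project.
It checks the struts2-core JAR version against the affected ranges quoted in
the post and scans struts.xml for use of the deprecated File Upload
Interceptor. Sample file names and XML below are constructed.
"""
import os
import re
import xml.etree.ElementTree as ET
from typing import Dict, List, Optional, Tuple

Version = Tuple[int, ...]

# Affected ranges from Apache's advisory, inclusive at both ends.
AFFECTED_RANGES: List[Tuple[Version, Version]] = [
    ((2, 0, 0), (2, 3, 37)),
    ((2, 5, 0), (2, 5, 33)),
    ((6, 0, 0), (6, 3, 0, 2)),
]

# Interceptor names that pull in the deprecated interceptor. "fileUpload" is its
# registered name; "defaultStack" in the affected releases' bundled
# struts-default.xml includes fileUpload (assumption: verify against the
# struts-default.xml inside the JAR you deploy).
DEPRECATED_REFS = {"fileUpload", "defaultStack"}
# ActionFileUploadInterceptor does not end with ".FileUploadInterceptor".
DEPRECATED_CLASS_SUFFIX = ".FileUploadInterceptor"

JAR_RE = re.compile(r"^struts2-core-(\d+(?:\.\d+)+)\.jar$")


def parse_version(text: str) -> Version:
    """'6.3.0.2' -> (6, 3, 0, 2); tuple comparison orders versions correctly."""
    return tuple(int(part) for part in text.split("."))


def is_affected(version: Version) -> bool:
    return any(low <= version <= high for low, high in AFFECTED_RANGES)


def jar_version(path: str) -> Optional[Version]:
    """Extract the version from a struts2-core JAR path, or None for other JARs."""
    match = JAR_RE.match(os.path.basename(path))
    return parse_version(match.group(1)) if match else None


def file_upload_interceptor_evidence(struts_xml: str) -> List[str]:
    """List the places in struts.xml that use the deprecated interceptor, directly or by inheritance."""
    root = ET.fromstring(struts_xml)
    evidence: List[str] = []

    for tag in ("interceptor-ref", "default-interceptor-ref"):
        for ref in root.iter(tag):
            name = ref.get("name", "")
            if name in DEPRECATED_REFS:
                evidence.append(f"<{tag} name={name!r}>")

    for decl in root.iter("interceptor"):
        if (decl.get("class") or "").endswith(DEPRECATED_CLASS_SUFFIX):
            evidence.append(f"<interceptor name={decl.get('name')!r}> declares {decl.get('class')}")

    # Actions that declare no interceptor-ref inherit their package's default
    # stack; for packages extending struts-default that is defaultStack.
    for pkg in root.iter("package"):
        if "struts-default" not in (pkg.get("extends") or ""):
            continue
        if pkg.find("default-interceptor-ref") is not None:
            continue  # explicit package default was already examined above
        for action in pkg.iter("action"):
            if action.find("interceptor-ref") is None:
                evidence.append(f"action {action.get('name')!r} inherits defaultStack")
    return evidence


def assess(core_jar_path: str, struts_xml: str) -> Dict[str, object]:
    """Combine the version check and the configuration scan into one verdict."""
    version = jar_version(core_jar_path)
    affected_version = version is not None and is_affected(version)
    evidence = file_upload_interceptor_evidence(struts_xml)
    return {
        "version": version,
        "affected_version": affected_version,
        "uses_file_upload_interceptor": bool(evidence),
        "evidence": evidence,
        "at_risk": affected_version and bool(evidence),
    }


# Constructed sample: one action references fileUpload explicitly, the other
# inherits the package default stack.
SAMPLE_STRUTS_XML = """<?xml version="1.0" encoding="UTF-8"?>
<struts>
  <package name="docs" extends="struts-default">
    <action name="uploadDoc" class="com.example.UploadAction">
      <interceptor-ref name="fileUpload">
        <param name="maximumSize">1048576</param>
      </interceptor-ref>
      <interceptor-ref name="basicStack"/>
      <result name="success">/done.jsp</result>
    </action>
    <action name="listDocs" class="com.example.ListAction">
      <result>/list.jsp</result>
    </action>
  </package>
</struts>
"""

if __name__ == "__main__":
    report = assess("WEB-INF/lib/struts2-core-6.3.0.2.jar", SAMPLE_STRUTS_XML)
    for key, value in report.items():
        print(f"{key}: {value}")
```

Point `assess` at each deployed application's struts2-core JAR and struts.xml; a result of `at_risk: True` means both conditions from the advisory hold. A clean scan of struts.xml is not proof of safety when interceptor stacks are assembled elsewhere (annotations, plugins, or a custom struts-default.xml), so treat the configuration check as a first pass and confirm against the actual interceptor chain.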


Has CVE-2024-53677 been actively exploited in the wild?

While no confirmed exploitation of CVE-2024-53677 has been publicly reported, history suggests caution. Apache Struts vulnerabilities have been prime targets for attackers, with notable incidents like the Equifax breach in 2017, attributed to a similar flaw.

The U.S. Cybersecurity and Infrastructure Security Agency (CISA) highlights multiple Struts RCE vulnerabilities in its Known Exploited Vulnerabilities (KEV) catalog, indicating their attractiveness to threat actors. 

Given Struts 2’s download volume – estimated at 300,000 monthly requests, with a significant portion still containing critical bugs – organizations should treat this vulnerability as a high-priority issue.


How to fix CVE-2024-53677

Organizations that meet the above conditions should upgrade to a secure version: the most effective fix is to upgrade to Apache Struts 6.4.0 or later. This release not only addresses the vulnerability but also replaces the deprecated File Upload Interceptor component with the Action File Upload Interceptor.

Additionally, admins are advised to migrate to the Action File Upload Interceptor immediately. If your application relies on the deprecated File Upload Interceptor, this migration is essential: it involves rewriting your upload actions for the newer mechanism, which offers enhanced security and integration features.

For further mitigations it is also strongly recommended to: 

  1. Monitor vendor advisories – Stay updated on patches and recommendations for applications utilizing Apache Struts. 
  2. Investigate and monitor systems – Check logs and systems for unusual activity, particularly around file uploads. 
  3. Apply patches – Ensure all Java applications using Apache Struts are patched promptly. 
  4. Assess your environment – Proactively scan systems for potential compromise and misconfigurations. 

CVE-2024-53677 underscores the ongoing risks posed by outdated or improperly configured software components. With its potential for severe exploitation, organizations must act quickly to assess their exposure and apply the necessary updates. 

By upgrading to a secure version and adopting modern file upload mechanisms, businesses can significantly reduce their attack surface and safeguard their systems against this critical flaw.


Further reading

Each new vulnerability is a reminder of where we stand, and what we need to do better. Check out the following resources to help you maintain cyber hygiene and stay ahead of the threat actors: 

  1. Q3 2024 Vulnerability Watch 
  2. IBM’s Cost of a Data Breach 2024: What we learned 
  3. Fixing the RCE flaw in the Common Unix Printing System (CUPS) 
  4. Vulnerability disclosure policy (and how to get it right) 
  5. OpenSSH again? How to fix CVE-2024-7589
