CVE-2023-50164

An attacker can manipulate file upload params to enable paths traversal and under some circumstances this can lead to uploading a malicious file which can be used to perform Remote Code Execution. Users are recommended to upgrade to versions Struts 2.5.33 or Struts 6.3.0.2 or greater to fix this issue.

CVSS v3 9.8 CRITICAL

9.8^/10

CVSS v3 : CRITICAL

Vector :

Exploitability : 3.9 / Impact : 5.9

Attack Vector NETWORK

Attack Complexity LOW

Privileges Required NONE

User Interaction NONE

Confidentiality Impact HIGH

Integrity Impact HIGH

Availability Impact HIGH

Scope UNCHANGED

References

Link	Resource
http://packetstormsecurity.com/files/176157/Struts-S2-066-File-Upload-Remote-Code-Execution.html	Third Party Advisory VDB Entry
https://lists.apache.org/thread/yh09b3fkf6vz5d6jdgrlvmg60lfwtqhj	Mailing List Patch
https://security.netapp.com/advisory/ntap-20231214-0010/	Third Party Advisory VDB Entry
https://www.openwall.com/lists/oss-security/2023/12/07/1	Mailing List

Configurations

Configuration 1 (hide)

OR	cpe:2.3:a:apache:struts::::::::
	cpe:2.3:a:apache:struts::::::::

History

No history.

Information

Published : 2023-12-07 09:15

Updated : 2023-12-20 17:58

NVD link : CVE-2023-50164

Mitre link : CVE-2023-50164

CVE.ORG link : CVE-2023-50164

JSON object : View

Products Affected

apache

struts

CWE

CWE-552

Files or Directories Accessible to External Parties

{"id": "CVE-2023-50164", "cveTags": [], "metrics": {"cvssMetricV31": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 9.8, "attackVector": "NETWORK", "baseSeverity": "CRITICAL", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "integrityImpact": "HIGH", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "NONE", "confidentialityImpact": "HIGH"}, "impactScore": 5.9, "exploitabilityScore": 3.9}]}, "published": "2023-12-07T09:15:07.060", "references": [{"url": "http://packetstormsecurity.com/files/176157/Struts-S2-066-File-Upload-Remote-Code-Execution.html", "tags": ["Third Party Advisory", "VDB Entry"], "source": "security@apache.org"}, {"url": "https://lists.apache.org/thread/yh09b3fkf6vz5d6jdgrlvmg60lfwtqhj", "tags": ["Mailing List", "Patch"], "source": "security@apache.org"}, {"url": "https://security.netapp.com/advisory/ntap-20231214-0010/", "tags": ["Third Party Advisory", "VDB Entry"], "source": "security@apache.org"}, {"url": "https://www.openwall.com/lists/oss-security/2023/12/07/1", "tags": ["Mailing List"], "source": "security@apache.org"}], "vulnStatus": "Analyzed", "weaknesses": [{"type": "Primary", "source": "security@apache.org", "description": [{"lang": "en", "value": "CWE-552"}]}], "descriptions": [{"lang": "en", "value": "An attacker can manipulate file upload params to enable paths traversal and under some circumstances this can lead to uploading a malicious file which can be used to perform Remote Code Execution.\nUsers are recommended to upgrade to versions Struts 2.5.33 or Struts 6.3.0.2 or greater to\u00a0fix this issue.\n"}, {"lang": "es", "value": "Un atacante puede manipular los par\u00e1metros de carga de archivos para permitir path traversal y, en algunas circunstancias, esto puede provocar la carga de un archivo malicioso que puede usarse para realizar la ejecuci\u00f3n remota de c\u00f3digo. Se recomienda a los usuarios actualizar a las versiones Struts 2.5.33 o Struts 6.3.0.1 o superior para solucionar este problema."}], "lastModified": "2023-12-20T17:58:26.917", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:apache:struts:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "BE174994-63BE-4A3F-A986-7903868FCE23", "versionEndExcluding": "2.5.33", "versionStartIncluding": "2.0.0"}, {"criteria": "cpe:2.3:a:apache:struts:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "DBE0443B-320B-4C29-83DC-624546AEE6D5", "versionEndExcluding": "6.3.0.2", "versionStartIncluding": "6.0.0"}], "operator": "OR"}]}], "sourceIdentifier": "security@apache.org"}