- Description
- File upload logic in Apache Struts is flawed. An attacker can manipulate file upload params to enable path traversal, and under some circumstances this can lead to uploading a malicious file which can be used to perform Remote Code Execution. This issue affects Apache Struts: from 2.0.0 before 6.4.0. Users are recommended to upgrade to version 6.4.0 at least and migrate to the new file upload mechanism: https://struts.apache.org/core-developers/file-upload. If you are not using the old file upload logic based on FileuploadInterceptor, your application is safe. You can find more details in https://cwiki.apache.org/confluence/display/WW/S2-067
- Source
- security@apache.org
- NVD status
- Analyzed
- Products
- struts
CVSS 4.0
- Type
- Secondary
- Base score
- 9.5
- Impact score
- -
- Exploitability score
- -
- Vector string
- CVSS:4.0/AV:N/AC:H/AT:P/PR:N/UI:N/VC:H/VI:H/VA:H/SC:H/SI:H/SA:H/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:N/AU:Y/R:A/V:C/RE:L/U:Red
- Severity
- CRITICAL
CVSS 3.1
- Type
- Primary
- Base score
- 9.8
- Impact score
- 5.9
- Exploitability score
- 3.9
- Vector string
- CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
- Severity
- CRITICAL
- 134c704f-9b21-4f2e-91b3-4a467353bcc0
- CWE-434
- Hype score
- Not currently trending
Organizations still running #Apache Struts 2.5.33 are exposed to critical file upload vulnerabilities, such as CVE-2024-53677. In our latest blog, we discuss these vulnerabilities, explain why using EOL frameworks increases the risk of breaches and compliance issues, and offer h
@TuxCare_
30 Sept 2025
104 Impressions
0 Retweets
1 Like
0 Bookmarks
0 Replies
0 Quotes
🚨 New Templates Bounty Issue 💰 CVE-2024-53677 - Apache Struts - Unrestricted File Upload 💰 👾 Issue: https://t.co/CbBxzzK7WY #bugbounty #NucleiTemplates #cve #opensource
@pdnuclei
31 Aug 2025
1702 Impressions
2 Retweets
19 Likes
5 Bookmarks
0 Replies
0 Quotes
CVE-2024-53677 By adding another boundary with "Content-Disposition: form-data; name="top.UploadFileName";" I'm able to control where the file gets placed. Took a regular PNG, kept the magic bits and filename but changed the contents to a .jsp web shell and was able to add it h
@GLAsk1d
2 May 2025
112 Impressions
0 Retweets
4 Likes
0 Bookmarks
1 Reply
0 Quotes
CVE-2024-53677 RCE in Apache Struts Software Unrestricted upload of a dangerous file and RCE in Apache Struts software is the new critical issue. A hacker can manipulate file upload parameters to enable path traversal, and then he is able to upload a malicious file that can be… h
@PPHM_HackerNews
14 Mar 2025
56 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
[MBSD Engineer Blog] We have published the #MBSD #SOC detection trend topics for January 2025. This month, we observed attacks targeting the file upload vulnerability in Apache Struts 2 (CVE-2024-53677).… https://t.co/tlLa02mcWB https://t.co/LGwJRTil1f
@mbsdnews
18 Feb 2025
690 Impressions
0 Retweets
5 Likes
1 Bookmark
0 Replies
0 Quotes
🌐 EQST Insight - Research & Technique ✨ Title - Struts2 File Upload Vulnerability (CVE-2024-53677) 💡details https://t.co/H0RKjjeBSf 💡summary - On December 11, 2024, remote code execution vulnerability (CVE-2024-53677) bypassing Apache Struts2 file upload restrictions w
@EQSTLab
11 Feb 2025
87 Impressions
0 Retweets
5 Likes
0 Bookmarks
0 Replies
0 Quotes
Strutted from @hackthebox_eu showcases CVE-2024-53677, an upload vulnerability in Apache Struts that can lead to RCE. I also go way down a rabbit hole to understand why the tomcat user can't su to another user, even with the proper password. https://t.co/HQkZV5QYna
@0xdf_
28 Jan 2025
2843 Impressions
15 Retweets
84 Likes
20 Bookmarks
1 Reply
0 Quotes
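Verification report on the RCE vulnerability in Apache Struts 2 (CVE-2024-53677, S2-067) | NTTデータ先端技術 This article gives an overview of, and countermeasures for, the vulnerability in Apache Struts 2 that may allow arbitrary file upload and remote code execution. https://t.co/eybU03I6ZH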
@intellilink_pr
21 Jan 2025
10 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
Remote Code Execution - #Apache #Struts (CVE-2024-53677) vulnerability. On December 20, a public exploit for the vulnerability was released. ➡️ https://t.co/xHVADJL1SO https://t.co/U4JmvR3OAO
@leonov_av
8 Jan 2025
7 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
CVE-2024-53677: File upload logic in Apache Struts is flawed. An attacker can manipulate file upload params to enable path traversal and under some this can lead to uploading a malicious file which can be used to perform Remote Code Execution. PoC https://t.co/kXJh2P9O49 htt
@cyber_advising
8 Jan 2025
1034 Impressions
5 Retweets
20 Likes
10 Bookmarks
0 Replies
0 Quotes
#exploit 1. CVE-2024-3393: Palo Alto Networks PAN-OS Malicious DNS Packet Vulnerability (DoS) - https://t.co/EoSn0IpVU9 2. CVE-2024-12908: Delinea Protocol Handler - RCE via Update Process - https://t.co/1Vgu4OZ84E 3. CVE-2024-53677: Unrestricted Upload of File with Dangerous
@ksg93rd
6 Jan 2025
456 Impressions
1 Retweet
6 Likes
2 Bookmarks
0 Replies
0 Quotes
CVE-2024-53677: File upload logic in Apache Struts is flawed. An attacker can manipulate file upload params to enable path traversal and this can lead to uploading a malicious file which can be used to perform Remote Code Execution. https://t.co/kXJh2PalTH https://t.co/JUj7TEPw
@cyber_advising
3 Jan 2025
837 Impressions
0 Retweets
14 Likes
5 Bookmarks
1 Reply
0 Quotes
No, Apache Struts CVE-2024-53677 isn't being "actively exploited" to actually compromise production systems. Stop it. You know better. And if you don't, stop saying words on the internet. There are real threats to prioritize.
@catc0n
30 Dec 2024
739 Impressions
3 Retweets
15 Likes
0 Bookmarks
0 Replies
0 Quotes
CVE-2024-53677: this vulnerability is also a problem that could destroy homes and nations....
@mikeliu93980295
27 Dec 2024
69 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
Threat Actors Actively Exploiting Apache Struts Vulnerability CVE-2024-53677 https://t.co/PqfsEpkB7p CVE-2023-50164 CVE-2024-53677
@vault33org
27 Dec 2024
47 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
#exploit 1. CVE-2024-53677: Critical Apache Struts RCE https://t.co/obcHCIK3qM 2. CVE-2024-10793: WP Activity Log plugin XSS https://t.co/nbC256xZqX 3. CVE-2024-55875: Kotlin HTTP XXE/SSRF https://t.co/BuZqsrJDDO
@VIPER92929
24 Dec 2024
0 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
🚨 CVE Alert: Critical Apache Struts Remote Code Execution Vulnerability 🚨 Vulnerability Details: CVE-2024-53677 (CVSS v3 9.5/10) Apache Struts Remote Code Execution Vulnerability Impact A successful exploit may allow an attacker to manipulate file upload parameters, enabling
@CyberxtronTech
24 Dec 2024
69 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
🚨 Critical Alert: CVE-2024-53677 🚨 A critical RCE vulnerability in Apache Struts (v2.0.0–6.3.0.2) allows attackers to bypass file checks & execute malicious code. Upgrade to v6.4.0+ ASAP! Secure your assets with HackTru-contact us today! #CyberSecurity #HackTru #CVE2024-5
@hacktru
23 Dec 2024
13 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
Critical File Upload Vulnerability Discovered in #ApacheStruts2 A serious #vulnerability, identified as CVE-2024-53677, has been detected in Apache Struts2, a popular web development framework in #Java. This flaw allows the... https://t.co/qqQWAvXY3c
@ojo_cibernetico
23 Dec 2024
11 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
#ITSecurity Threat actors are attempting to exploit Apache Struts vulnerability CVE-2024-53677 https://t.co/VLBQ3swHXU
@seaarepea
22 Dec 2024
37 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
CVE-2024-53677: A critical file upload vulnerability in Apache Struts2 - Security Boulevard https://t.co/CjM6cfrPvD
@PVynckier
22 Dec 2024
104 Impressions
0 Retweets
2 Likes
0 Bookmarks
1 Reply
0 Quotes
The CVE-2024-53677 vulnerability in Apache Struts has been exploited https://t.co/5tCmDRgqNU
@vulnerbyte
21 Dec 2024
33 Impressions
0 Retweets
1 Like
0 Bookmarks
0 Replies
0 Quotes
🚨 Emerging Threat Alert: Apache Struts CVE-2024-53677 🚨 A critical flaw in Apache Struts allows remote code execution, posing serious risks to organizations. Act now to secure your systems. Details: https://t.co/rCsZgi69XW #Cybersecurity #CyberThreat https://t.co/I9wv6RhQkO
@CyCognito
20 Dec 2024
88 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
Orgs Scramble to Fix Actively Exploited Bug in Apache Struts 2. A newly discovered vulnerability, CVE-2024-53677, in the aging Apache framework is going to cause major headaches for IT teams, since patching isn't enough to fix it. https://t.co/JlVnkvWQct
@riskigy
20 Dec 2024
6 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
Developers, protect your applications now! There's a critical file upload vulnerability (CVE-2024-53677) in Apache Struts2 that could allow unauthorized access and remote code execution. Ensure you're up-to-date and secure! #cybersecurity https://t.co/5cS5XkWqLH https://t.co/FFI
@sequretek_sqtk
20 Dec 2024
41 Impressions
1 Retweet
1 Like
0 Bookmarks
0 Replies
0 Quotes
📢Attackers are attempting to exploit the vulnerability in Apache Struts numbered CVE-2024-53677 #ThaiCERT #NCSA #CybersecurityNews 📌You can follow the news at https://t.co/HCsLrrYz4c https://t.co/rVFoL46Vkz
@ThaiCERTByNCSA
20 Dec 2024
28 Impressions
1 Retweet
0 Likes
0 Bookmarks
0 Replies
0 Quotes
A newly discovered vulnerability, CVE-2024-53677, in the aging Apache framework is going to cause major headaches for IT teams, since patching isn't enough to fix it. https://t.co/6p1CcTR5jY #Apache #cve #vulnerability #CybersecurityNews #threatresq
@ThreatResq
20 Dec 2024
67 Impressions
0 Retweets
1 Like
0 Bookmarks
0 Replies
0 Quotes
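A newly discovered critical vulnerability in Apache Struts 2 (CVE-2024-53677) is becoming a problem worldwide. It cannot be resolved with a simple patch and requires rewriting code. There are concerns about the impact on critical infrastructure such as financial institutions and government systems. #サイバーセキュリティ #ApacheStruts2 https://t.co/im3Mjj3eVi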
@innovaTopia_JP
20 Dec 2024
37 Impressions
1 Retweet
1 Like
0 Bookmarks
0 Replies
0 Quotes
Serious vulnerability in Apache Struts (CVE-2024-53677): Risks and Security Implications https://t.co/lH5jDdwj7i #ApacheStruts #Vulnerabilità #CVE202453677 #SicurezzaInformatica #RCE #FrameworkJava #AggiornamentiDiSicurezza #Cybersecurity #Mitigazione #Patch
@technocratico72
19 Dec 2024
1 Impression
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
CVE-2024-53677 – Exploitation Attempts of Critical Apache Struts RCE Vulnerability https://t.co/QrlLlNcr0g #cybersecurity #cve #rce
@ervik
19 Dec 2024
120 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
Threat actors are attempting to exploit a recently disclosed security flaw impacting Apache Struts. The Critical Apache Struts issue is tracked as CVE-2024-53677 and carries a CVSS score of 9.5 out of 10.0, indicating critical severity. https://t.co/vKHMBPGPJ9 https://t.co/chivWu2qWW
@riskigy
19 Dec 2024
45 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
#Struts: A recently patched Critical Apache Struts 2 #vulnerability tracked as CVE-2024-53677 (CVSS: 9.5) is actively exploited by attackers allowing uploading malicious files like web shells: 👇 https://t.co/jK97IwzJdF
@securestep9
19 Dec 2024
59 Impressions
1 Retweet
1 Like
0 Bookmarks
0 Replies
0 Quotes
Patch Alert: A critical Apache Struts flaw has been detected, with exploitation attempts under way. CVE-2024-53677 has a CVSS score of 9.5/10. Security analysts, stay vigilant! #Cybersecurite #ZeroDay #AlerteSécurité 👉 https://t.co/xmq0Ji7Czm
@CyberAlertFr
19 Dec 2024
0 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
Critical patch for Apache Struts! A security flaw (CVE-2024-53677) exposes systems to remote code attacks. Security analysts must act quickly. #Cybersecurite #ZeroDay 👉 https://t.co/xmq0Ji7Czm
@CyberAlertFr
18 Dec 2024
1 Impression
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
Apache Struts Under Siege: Hackers Exploit Critical Vulnerability CVE-2024-53677 Hot Take: Well, it looks like the Apache Struts vulnerability CVE-2024-53677 is the new hot potato in town, and everyone and their cyber-criminal cousin wants a piece of it. If you're running an… h
@TheNimbleNerd
18 Dec 2024
118 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
A recently patched critical Apache Struts 2 vulnerability tracked as CVE-2024-53677 is actively exploited using public proof-of-concept exploits to find vulnerable devices. https://t.co/4pmXGJ2GuO
@blackwired32799
18 Dec 2024
7 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
Rapid7 analysis of Apache #Struts2 CVE-2024-53677 below via @the_emmons. Very similar to Struts CVE-2023-50164 — payloads have to be customized to the target and unsuccessful exploit attempts are being incorrectly interpreted as exploitation in the wild. https://t.co/IQqCG6uJD2
@catc0n
18 Dec 2024
6591 Impressions
19 Retweets
42 Likes
16 Bookmarks
1 Reply
1 Quote
⚠️PSA - if you’ve recently upgraded Apache Struts 2 to resolve the new critical CVE-2024-53677 RCE vulnerability, you might still be vulnerable! This vulnerability has seen exploit attempts in the wild, only 4 days after it was published on Apache’s security advisory. The… https
@JFrogSecurity
18 Dec 2024
405 Impressions
2 Retweets
5 Likes
3 Bookmarks
1 Reply
0 Quotes
💣 Zero-Day: Apache Struts CVE-2024-53677 Under Attack! 💣 WIRE TOR - The Ethical Hacking Services A newly patched Apache Struts 2 vulnerability (CVE-2024-53677) is under active exploitation. This critical flaw is being leveraged to locate and attack vulnerable systems. #Hack ht
@WireTor
18 Dec 2024
93 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
A new vulnerability with the identifier CVE-2024-53677 has been published for the Apache Struts2 product. The score of this vulnerability is 9.5, and it allows hackers to upload files and ultimately execute code remotely. https://t.co/Poz3aKYxT1 https://t.co/36wZEnUTqp
@AmirHossein_sec
18 Dec 2024
56 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
🆘❗Critical vulnerability in Apache Struts threatens government agencies 🛡 The CVE-2024-53677 vulnerability in Apache Struts allows malicious files to be uploaded. The issue affects Struts versions prior to 6.4.0 and allows remote execution of… h
@stegaintell
18 Dec 2024
89 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
🆘❗Critical vulnerability in Apache Struts threatens government agencies 🛡 The CVE-2024-53677 vulnerability in Apache Struts allows malicious files to be uploaded. The issue affects Struts versions prior to 6.4.0 and allows remote execution of… h
@stegaintell
18 Dec 2024
9 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
A critical Apache Struts vulnerability (CVE-2024-53677) with a 9.5/10 CVSS score is actively being exploited, putting corporate IT stacks at risk. » Hackers are uploading malicious files, enabling remote code execution. » Systems running Struts versions 2.0.0 to 6.3.0.2 are…
@Cyberwald_talks
18 Dec 2024
65 Impressions
1 Retweet
1 Like
0 Bookmarks
0 Replies
0 Quotes
Exploit Code for Apache Struts CVE-2024-53677 released #ApacheStruts #CVE-2024-53677 #ExploitCode https://t.co/kMEXpOkOtq
@pravin_karthik
18 Dec 2024
86 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
🗞️ Critical Apache Struts Vulnerability Actively Exploited A new critical vulnerability in Apache Struts, CVE-2024-53677, is being used by hackers to identify vulnerable servers for exploitation. Immediate patching is crucial as proof-of-concept exploits are already in the wild
@gossy_84
18 Dec 2024
159 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
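The Apache Struts vulnerability CVE-2024-53677 (CVSS score 9.5) is being exploited, allowing attackers to achieve remote code execution through file upload. Struts 2.0.0 to 6.3.0.2 are affected, and it is fixed in version 6.4.0. A prompt update is recommended. https://t.co/n9RwuTqeJY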
@01ra66it
18 Dec 2024
210 Impressions
0 Retweets
2 Likes
0 Bookmarks
0 Replies
0 Quotes
New critical Apache Struts flaw exploited to find vulnerable servers: https://t.co/n2lRxW5B45 A critical vulnerability in Apache Struts 2, tracked as CVE-2024-53677, has been actively exploited, allowing attackers to upload malicious files leading to remote code execution. The…
@securityRSS
18 Dec 2024
46 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
🔥 A critical Apache Struts vulnerability (CVE-2024-53677) with a 9.5/10 CVSS score is actively being exploited, putting corporate IT stacks at risk. Upgrade to Struts 6.4.0+ and adopt the Action File Upload mechanism NOW to stay secure. Details: https://t.co/Ly0RpCCRyZ
@TheHackersNews
18 Dec 2024
43966 Impressions
44 Retweets
112 Likes
24 Bookmarks
2 Replies
1 Quote
A critical vulnerability in Apache Struts 2, identified as CVE-2024-53677, is being actively exploited in order to seek out vulnerable servers. https://t.co/DdPYnLhV4I
@VULNERAsecurity
18 Dec 2024
9 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
Apache Struts Strikes Again: CVE-2024-53677 Vulnerability Sparks Exploit Frenzy! Hot Take: Just when you thought it was safe to go back in the Java waters, Apache Struts makes a splash with yet another vulnerability! This time, it’s like a sequel nobody asked for, featuring the
@TheNimbleNerd
17 Dec 2024
95 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
[
  {
    "nodes": [
      {
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:a:apache:struts:*:*:*:*:*:*:*:*",
            "matchCriteriaId": "BAB5D8EE-6237-4CB6-B363-E1B6982E44EE",
            "versionEndExcluding": "6.4.0",
            "versionStartIncluding": "2.0.0",
            "vulnerable": true
          }
        ],
        "negate": false,
        "operator": "OR"
      }
    ]
  }
]