Attackers are trying to leverage public proof-of-exploit (PoC) exploit code for CVE-2023-50164, the recently patched path traversal vulnerability in Apache Struts 2. “Attackers aim to deploy webshells, with some cases targeting the parameter ‘fileFileName’ – a deviation from the original exploit PoC,” Akamai’s Security Intelligence Group flagged on Wednesday. The Shadowserver Foundation has also started noticing exploitation attempts in their sensors, though they don’t see them succeeding. About the vulnerability CVE-2023-50164, reported by Steven Seeley … More

The post Attackers are trying to exploit Apache Struts vulnerability (CVE-2023-50164) appeared first on Help Net Security.