9.8

CVE-2023-50164

Apache Struts: File upload component had a directory traversal vulnerability

An attacker can manipulate file upload params to enable paths traversal and under some circumstances this can lead to uploading a malicious file which can be used to perform Remote Code Execution.
Users are recommended to upgrade to versions Struts 2.5.33 or Struts 6.3.0.2 or greater to fix this issue.
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
ApacheStruts Version >= 2.0.0 < 2.5.33
ApacheStruts Version >= 6.0.0 < 6.3.0.2
Zu dieser CVE wurde keine Warnung gefunden.
EPSS Metriken
Typ Quelle Score Percentile
EPSS FIRST.org 80.82% 0.996
CVSS Metriken
Quelle Base Score Exploit Score Impact Score Vector String
nvd@nist.gov 9.8 3.9 5.9
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
CWE-552 Files or Directories Accessible to External Parties

The product makes files or directories accessible to unauthorized actors, even though they should not be.

http://packetstormsecurity.com/files/176157/Struts-S2-066-File-Upload-Remote-Code-Execution.html
Third Party Advisory
VDB Entry
https://lists.apache.org/thread/yh09b3fkf6vz5d6jdgrlvmg60lfwtqhj
Patch
Mailing List
https://security.netapp.com/advisory/ntap-20231214-0010/
Third Party Advisory
VDB Entry
https://www.openwall.com/lists/oss-security/2023/12/07/1
Mailing List