Main Vulnerability Database Exploits ID:10999 - Exploit for Path traversal in Apache Struts - CVE-2024-53677

ID:10999 - Exploit for Path traversal in Apache Struts - CVE-2024-53677

Published: December 19, 2024

Vulnerability identifier: #VU101653

Vulnerability risk: High

CVE-ID: CVE-2024-53677

CWE-ID: CWE-22

Exploitation vector: Remote access

Vulnerable software:
Apache Struts

Link to public exploit:

https://github.com/TAM-K592/CVE-2024-53677-S2-067

Vulnerability description

The vulnerability allows a remote attacker to perform directory traversal attacks.

The vulnerability exists due to input validation error when processing directory traversal sequences in filenames during file upload within Action File Upload Interceptor. A remote attacker can upload a specially crafted file to the server into an arbitrary directory.

Successful exploitation may allow an attacker to upload an arbitrary file and execute it on the server, leading to a full system compromise.

Remediation

Install update from vendor's website.

ID:10999 - Exploit for Path traversal in Apache Struts - CVE-2024-53677

Link to public exploit:

Vulnerability description

Remediation

Please verify you're human