网络安全研究人员最近发现，黑客正利用Apache Struts 2（一种流行的Java Web应用开发框架）中的一个重大漏洞进行网络攻击，该漏洞的追踪编号为CVE-2024-53677，能使网络攻击者绕过网络安全措施，从而完全控制受影响的服务器。

近日，安全研究人员在流行的开源Web服务器Apache Tomcat和servlet容器中发现了两个严重漏洞，可能允许攻击者远程执行代码并引发拒绝服务（DoS）攻击。第一个漏洞CVE-2024-50379影响了Apache Tomcat 11.0.0-M1到11.0.1、10.1.0-M1到10.1.33以及9.0.0.M1到9.0.97版本。如果默认servlet在不区分大小写的文件系统上设置了 ...

Use precise geolocation data and actively scan device characteristics for identification. This is done to store and access ...

Apache Struts is a widely used open-source web application framework for developing Java-based applications. CVE-2024-53677 ...

“Due to a vulnerability in the Struts 2 upload feature, attackers can upload files to restricted areas on the server, which ...

The upload function of Apache Struts is faulty and attackers can upload malicious code. Security researchers warn of attacks.

A recently patched critical Apache Struts 2 vulnerability tracked as CVE-2024-53677 is actively exploited using public proof-of-concept exploits to find vulnerable devices. Apache Struts is an ...

A critical vulnerability in the Apache Struts 2 application framework is now under active exploitation, security researchers have warned, urging users to apply the patch or run the latest version ...

Proof-of-Concept (PoC) code of an exploit to trigger two security vulnerabilities in the Apache Struts 2 web application framework is publicly available on internet. Last week, Apache published a ...