The recently released Struts 2.0 is an elegant, extensible framework for building enterprise-ready Web applications using Java code.

Chinese hackers are using an automated tool to exploit known vulnerabilities in Apache Struts, in order to install backdoors on servers hosting applications developed with the framework.

As Apache notes: "Using the old File Upload mechanism keeps you vulnerable to this attack." Despite web app developers often opting for different frameworks nowadays, Struts 2 remains widely popular.

A recently patched critical Apache Struts 2 vulnerability tracked as CVE-2024-53677 is actively exploited using public proof-of-concept exploits to find vulnerable devices.

Hackers are attempting to leverage a recently fixed critical vulnerability (CVE-2023-50164) in Apache Struts that leads to remote code execution, in attacks that rely on publicly available proof ...