SentinelOne

CVE-2024-53677: Apache Struts File Upload RCE Vulnerability

CVE-2024-53677 is a remote code execution vulnerability in the file upload logic of Apache Struts that allows path traversal. An attacker can use it to upload a malicious file and execute arbitrary code. This article covers the technical details and mitigation.


CVE-2024-53677 Overview

The file upload logic in Apache Struts is flawed: an attacker can manipulate file upload parameters to achieve path traversal and, under some circumstances, upload a malicious file that can then be used to perform remote code execution.

Critical Impact

This vulnerability allows for remote code execution through crafted malicious file uploads.

Affected Products

  • Apache Struts 2.0.0 up to, but not including, 6.4.0

Discovery Timeline

  • 2024-12-11 - CVE CVE-2024-53677 published to NVD
  • 2025-07-15 - Last updated in NVD database

Technical Details for CVE-2024-53677

Vulnerability Analysis

The vulnerability arises from improper handling of file upload parameters, which allows an attacker to perform path traversal. This can lead to a malicious file being written outside the intended upload location, potentially enabling remote code execution.

Root Cause

The root cause is flawed logic in the FileUploadInterceptor, which does not properly sanitize the file path supplied during upload.

Attack Vector

The vulnerability can be exploited remotely via network access by sending crafted file upload requests.

```java
// Example exploitation code (sanitized): illustrative pseudocode only,
// StrutsRequest is not a real Struts API. It shows the shape of the issue:
// a client-controlled upload name carrying traversal sequences.
public void exploit(StrutsRequest req) {
    req.addFile("../../../../malicious.jar");
    req.send();
}
```

Detection Methods for CVE-2024-53677

Indicators of Compromise

  • Malicious file uploads with unexpected paths
  • Suspicious file creation under application directories
  • Anomalous application behavior or crashes

Detection Strategies

Use intrusion detection systems (IDS) to monitor for unusual file upload patterns, and employ file integrity checks on server directories.

Monitoring Recommendations

Continuously monitor log files for irregular file upload requests and implement alerts for unauthorized access attempts.

How to Mitigate CVE-2024-53677

Immediate Actions Required

  • Upgrade to Apache Struts version 6.4.0 or later
  • Disable the old file upload logic
  • Employ strict input validation and file type checks
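The detection strategy above and the strict input validation item, as an added Python example that is not part of this page or of Apache Struts: it scans constructed upload log lines for client-supplied filenames containing traversal or absolute paths, and shows the hardened check that maps a filename to a location under an assumed upload root (UPLOAD_ROOT, the log format and the function names are all assumptions).

```python
import posixpath
import re
from typing import List, Optional
from urllib.parse import unquote

UPLOAD_ROOT = "/var/app/uploads"  # assumed upload directory

# Constructed sample log lines (not from a real incident): the upload handler
# is assumed to log the client-supplied multipart filename verbatim.
SAMPLE_LOG = """\
2024-12-12T10:01:02Z upload user=alice filename="report.pdf"
2024-12-12T10:01:09Z upload user=bob filename="../../../../webapps/ROOT/x.jsp"
2024-12-12T10:01:15Z upload user=carol filename="..%2F..%2Fwebapps%2FROOT%2Fx.jsp"
2024-12-12T10:01:20Z upload user=dave filename="/etc/cron.d/job"
2024-12-12T10:01:31Z upload user=erin filename="photos/summer.jpg"
"""

FILENAME_RE = re.compile(r'filename="([^"]*)"')


def is_traversal(name: str) -> bool:
    """True if a client-supplied name tries to escape the upload directory.
    Percent-decodes once so encoded separators (%2F) are seen, and treats
    backslashes as separators so Windows-style traversal is caught too."""
    decoded = unquote(name).replace("\\", "/")
    if decoded.startswith("/"):
        return True
    return any(part == ".." for part in decoded.split("/"))


def safe_upload_path(name: str) -> Optional[str]:
    """Hardened handling: reject traversal, keep only the final path
    component, and confirm the normalized target is still under
    UPLOAD_ROOT. Returns None when the name must be rejected."""
    if is_traversal(name):
        return None
    base = posixpath.basename(unquote(name).replace("\\", "/"))
    if base in ("", ".", ".."):
        return None
    target = posixpath.normpath(posixpath.join(UPLOAD_ROOT, base))
    return target if target.startswith(UPLOAD_ROOT + "/") else None


def flag_suspicious_uploads(log_text: str) -> List[str]:
    """Detection pass: return every logged filename showing traversal."""
    hits = []
    for line in log_text.splitlines():
        match = FILENAME_RE.search(line)
        if match and is_traversal(match.group(1)):
            hits.append(match.group(1))
    return hits
```

Running `flag_suspicious_uploads(SAMPLE_LOG)` returns the three traversal or absolute-path names, which is the kind of event the monitoring recommendations above suggest alerting on.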

Patch Information

Update your Apache Struts deployments to version 6.4.0 or later. Follow the guidance at Apache Struts File Upload.

Workarounds

Disable the vulnerable FileUploadInterceptor and switch to the new file upload mechanism provided by Struts.

```bash
# Configuration example: remove every line of struts.xml that references the
# legacy interceptor class. This is a blunt edit; back up the file first and
# confirm afterwards that struts.xml still parses and that no interceptor
# stack still references the removed interceptor.
sed -i '/FileUploadInterceptor/d' struts.xml
```

Disclaimer: This content was generated using AI. While we strive for accuracy, please verify critical information with official sources.
