
[Vulnerability Alert] Apache Struts 2 security vulnerability (CVE-2024-53677): verify and patch as soon as possible

Forwarded from the National Information Sharing and Analysis Center, NISAC-200-202412-00000056

 

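Researchers have discovered an arbitrary file upload vulnerability (CVE-2024-53677) in Apache Struts 2 that allows an unauthenticated remote attacker to upload a web shell and execute it on the server. Please verify and patch as soon as possible.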

 

Information sharing level: WHITE (the content may be publicly disclosed)

 

This message is sent only to the "regional and county/city network centers"; please help announce or forward it.

 

[Affected platforms:]

Struts 2.0.0 to 2.3.37

Struts 2.5.0 to 2.5.33

Struts 6.0.0 to 6.3.0.2
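To check deployed applications against the ranges above, the following added example (not part of the original advisory) flags `struts2-core` jars whose version falls inside an affected range. It assumes the library is deployed under its usual Maven artifact file name, `struts2-core-<version>.jar`; the sample paths are constructed.

```python
import os
import re
import sys

# Affected ranges as listed in this advisory (inclusive bounds).
AFFECTED_RANGES = [("2.0.0", "2.3.37"), ("2.5.0", "2.5.33"), ("6.0.0", "6.3.0.2")]

# Assumption: the library is deployed under its usual Maven artifact name.
JAR_RE = re.compile(r"struts2-core-(\d+(?:\.\d+)+)[^/\\]*\.jar$")

def parse_version(text):
    """'6.3.0.2' -> (6, 3, 0, 2); shorter versions are zero-padded to 4 parts."""
    parts = [int(p) for p in text.split(".")][:4]
    return tuple(parts + [0] * (4 - len(parts)))

def is_affected(version):
    """True if version lies inside any range listed in the advisory."""
    v = parse_version(version)
    return any(parse_version(lo) <= v <= parse_version(hi)
               for lo, hi in AFFECTED_RANGES)

def audit(paths):
    """Return (path, version, affected) for each struts2-core jar in paths."""
    return [(p, m.group(1), is_affected(m.group(1)))
            for p in paths if (m := JAR_RE.search(p))]

def walk_files(root):
    """Yield every file path under root (e.g. an application server's webapps dir)."""
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            yield os.path.join(dirpath, name)

# Constructed sample inventory, used when no directory is given.
SAMPLE_PATHS = [
    "/opt/tomcat/webapps/portal/WEB-INF/lib/struts2-core-2.3.37.jar",
    "/opt/tomcat/webapps/hr/WEB-INF/lib/struts2-core-2.5.33.jar",
    "/opt/tomcat/webapps/shop/WEB-INF/lib/struts2-core-6.3.0.2.jar",
    "/opt/tomcat/webapps/new/WEB-INF/lib/struts2-core-6.4.0.jar",
    "/opt/tomcat/webapps/portal/WEB-INF/lib/commons-io-2.11.0.jar",
]

if __name__ == "__main__":
    paths = walk_files(sys.argv[1]) if len(sys.argv) > 1 else SAMPLE_PATHS
    for path, version, affected in audit(paths):
        print(f"{'AFFECTED' if affected else 'ok      '} {version:10} {path}")
```

A file-name scan does not see jars inside unexpanded `.war`/`.ear` archives or classes shaded into a fat jar; confirm those through the application's dependency list.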

 

[Recommended measures:]

The vendor has released an update that fixes the vulnerability. Refer to the official advisory at:

https://cwiki.apache.org/confluence/display/WW/S2-067

 

[References:]

1. https://nvd.nist.gov/vuln/detail/CVE-2024-53677

2. https://cwiki.apache.org/confluence/display/WW/S2-067

3. https://www.ithome.com.tw/news/166558

 

(This notice is for information only and does not report a security incident.) If you have questions about the content of this notice or suggestions regarding this matter, please contact us.

Educational Institution Security Notification and Response Team

Website: https://info.cert.tanet.edu.tw/

Hotline: 07-5250211

VoIP: 98400000

E-mail: service@cert.tanet.edu.tw

 ---

Telephone service: Monday to Friday 0800-1700, 03-4227151 # 57555, 57566

VoIP: 97820055, 97820066

Monday to Friday 1700-2200: 03-4227151 # 57511

E-mail service: tanet_ncu@ncu.edu.tw

Taoyuan Regional Network Center website: http://www.tyrc.edu.tw/