  • T2-25–01–S–N–CL
  • Apache Struts 2 Path Traversal RCE (CVE-2023-50164)

    Apache Struts 2 Path Traversal RCE (CVE-2023-50164) is a path-traversal vulnerability in Apache Struts 2 that, when combined with the product's file-upload behavior, can be abused to upload a malicious file and achieve remote code execution (RCE). It affects Apache Struts versions 2.0.0-2.5.32 and 6.0.0-6.3.0.1 and is centered on the /upload.action endpoint. The exploitation vector is parameter pollution: an attacker alters an initial request parameter and introduces an additional, lower-case parameter that can override an internal filename variable, enabling unauthorized path traversal and subsequent malicious file upload. The mitigation is to upgrade Apache Struts to 2.5.33, 6.3.0.2, or later.
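
    As an added example (not part of the dataset or its run.py), the Python below checks a multipart request to /upload.action for the two traits described above: a case-variant parameter aimed at the filename variable and a traversal sequence in a value. The field names `doc`/`docFileName`, the sample requests and the reliance on Struts' `<field>FileName` naming are assumptions made for illustration.

```python
import re
from email import message_from_bytes

# "../" or "..\" in plain or percent-encoded form
TRAVERSAL = re.compile(r"(?:\.\.|%2e%2e)(?:/|\\|%2f|%5c)", re.I)

def multipart_params(content_type, body):
    """Return (name, value) per form part; for file parts the value is the filename."""
    msg = message_from_bytes(b"Content-Type: " + content_type.encode() + b"\r\n\r\n" + body)
    params = []
    for part in msg.walk():
        name = part.get_param("name", header="content-disposition")
        if part.is_multipart() or name is None:
            continue
        value = part.get_filename() or part.get_payload(decode=True).decode("latin-1").strip()
        params.append((name, value))
    return params

def upload_findings(path, params):
    """Flag a case-variant parameter that targets the filename variable,
    and any path-traversal sequence carried in a parameter value."""
    if not path.split("?")[0].endswith("/upload.action"):
        return []
    groups, found = {}, []
    for name, _ in params:
        # Assumption: Struts binds an upload field's filename to <field>FileName.
        base = re.sub(r"filename$", "", name.lower())
        groups.setdefault(base, set()).add(name)
    for names in groups.values():
        if len(names) > 1:
            found.append("parameter pollution: " + ", ".join(sorted(names)))
    for name, value in params:
        if TRAVERSAL.search(value):
            found.append("path traversal in " + name)
    return found

# Constructed sample requests (not taken from the dataset's pcap).
CT = "multipart/form-data; boundary=XX"
BENIGN = (b'--XX\r\nContent-Disposition: form-data; name="doc"; filename="report.txt"\r\n'
          b'Content-Type: text/plain\r\n\r\nhello\r\n--XX--\r\n')
SUSPECT = (b'--XX\r\nContent-Disposition: form-data; name="Doc"; filename="report.txt"\r\n'
           b'Content-Type: text/plain\r\n\r\nhello\r\n'
           b'--XX\r\nContent-Disposition: form-data; name="docFileName"\r\n\r\n'
           b'../report.txt\r\n--XX--\r\n')

if __name__ == "__main__":
    for body in (BENIGN, SUSPECT):
        print(upload_findings("/upload.action", multipart_params(CT, body)))
```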


  • Host | OS | IP | Software | Log collection time | Program runtime
    Attacker | Ubuntu 22.04.1 | 172.17.0.1 | - | 20 sec | 35 sec
    Victim (docker) | Ubuntu 22.04.1 | 172.17.0.2 | Apache Struts 2 | |

  • Installation
  • python3 -m venv venv
    source ./venv/bin/activate
    pip install -r requirements.txt

  • Usage
  • sudo docker load -i T2-25-01-S-N-CL.tar
    python3 run.py

  • MITRE ATT&CK Framework
  • Attack Tactic
    Reconnaissance Resource Development Initial Access Execution Persistence Privilege Escalation Defense Evasion
    Credential Discovery Lateral Movement Collection Command and Control Exfiltration Impact

  • Logs
  • ./log/2025_01_T2_{time}.pcap # YYmmdd_HHMMSS



  • Copyright(C) 2024, KAIST Cyber Security Research Center. All Rights Reserved.