
Talk-A-Blog: Apache Struts2 CVE-2023-50164, File Upload Vulnerability Analysis

ID: 0daf160e-8502-5f41-a80b-fc29967b9549

STIX ID: report--0daf160e-8502-5f41-a80b-fc29967b9549

Feed Name: GreyNoise Labs

Threat Score: 75/100

Date Published: 2023-12-12

Date Updated: 2026-04-27

Author: Remy


A GreyNoise walkthrough analyzes Apache Struts2 CVE-2023-50164, demonstrating that malformed multipart uploads—leveraging parameter capitalization, prototype-pollution-like behavior, and exception conditions—can bypass path normalization to write a JSP web shell to disk. The report details PoC construction, default multipart save directory behavior, test-case findings, and notes that actual exploitability depends on how Struts2 is embedded and routed in vendor applications.
