Apache Struts External Entity (XXE) Injection Vulnerability S2-069 (CVE-2025-68493)
janeiro 13, 2026
Overview Recently, NSFOCUS CERT detected that Apache issued a security bulletin to fix the Apache Struts external entity (XXE) injection vulnerability S2-069 (CVE-2025-68493); Because the XWork component of Apache Struts does not perform effective validation when parsing XML configuration, attackers can inject external entities by constructing malicious XML data to read sensitive server files, perform […]
Apache Struts Arbitrary File Upload Vulnerability S2-067 (CVE-2024-53677)
dezembro 16, 2024
Overview Recently, NSFOCUS CERT monitored that Apache released a security bulletin, fixing the Apache Struts arbitrary file upload vulnerability S2-067 (CVE-2024-53677). Due to a logical defect in the file upload function, an unauthenticated attacker can perform path traversal by controlling the file upload parameters, thereby uploading malicious files to achieve remote code execution. The CVSS […]
