This repository provides a Docker-based environment to reproduce the CVE-2024-53677 vulnerability in Apache Struts 2. The vulnerability involves path traversal in the Struts 2 file upload functionality and allows remote code execution (RCE).
This reproduction environment is based on the CVE-2023-50164 repository, which can be found at: https://github.com/Trackflaw/CVE-2023-50164-ApacheStruts2-Docker
The original repository demonstrated a file upload vulnerability in Apache Struts 2 (CVE-2023-50164), exploiting path traversal in file uploads. In this repository, we have modified the setup to simulate the CVE-2024-53677 vulnerability.
- FileUploadInterceptor Integration:
  - We replaced the original file upload handling logic with FileUploadInterceptor, a feature in Struts 2 that better supports file uploads. This change aligns with the root cause of the CVE-2024-53677 vulnerability, which relates to improper file upload handling.
- Disabling File Type Validation:
  - For this reproduction, we disabled file type validation to simplify the reproduction process and allow any file type (e.g., .jsp, .php, .war) to be uploaded. This lowers the cost of reproducing the vulnerability.
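
For contrast with the lab's settings, the two checks an upload handler would normally apply to a client-supplied file name (a file type allow-list and a containment check on the destination path) can be sketched as below. This is an added example, not code from this repository or from Struts; the class name `SafeUploadStore`, its methods, the allow-list and the sample file names are all hypothetical.

```java
import java.io.IOException;
import java.nio.file.Files;
import java.nio.file.Path;
import java.util.Locale;
import java.util.Set;

// Added example: hypothetical helper, not code from this repository or from Struts.
public final class SafeUploadStore {
    // Assumed allow-list; a real application chooses its own.
    private static final Set<String> ALLOWED_EXT = Set.of("png", "jpg", "pdf", "txt");
    private final Path root;

    public SafeUploadStore(Path uploadDir) throws IOException {
        Files.createDirectories(uploadDir);
        this.root = uploadDir.toRealPath();   // canonical form, symlinks resolved
    }

    /** Maps a client-supplied name to a path inside the upload root, or throws. */
    public Path resolve(String clientName) {
        if (clientName == null || clientName.isBlank() || clientName.indexOf('\0') >= 0) {
            throw new SecurityException("empty or malformed file name");
        }
        // Drop any directory part, whichever separator the client used.
        String base = clientName.substring(
                Math.max(clientName.lastIndexOf('/'), clientName.lastIndexOf('\\')) + 1);
        int dot = base.lastIndexOf('.');
        String ext = dot < 0 ? "" : base.substring(dot + 1).toLowerCase(Locale.ROOT);
        if (dot <= 0 || !ALLOWED_EXT.contains(ext)) {   // the check this lab disables
            throw new SecurityException("file type not allowed: " + base);
        }
        Path target = root.resolve(base).normalize();
        // Containment check: the final path must still sit directly in the upload root.
        if (!root.equals(target.getParent())) {
            throw new SecurityException("path escapes upload directory: " + clientName);
        }
        return target;
    }

    public static void main(String[] args) throws IOException {
        // Constructed sample names, for illustration only.
        SafeUploadStore s = new SafeUploadStore(Files.createTempDirectory("uploads"));
        for (String n : new String[] {"report.pdf", "../../page.jsp", "..\\x.war", "a/b/pic.PNG"}) {
            try { System.out.println(n + " -> " + s.resolve(n)); }
            catch (SecurityException e) { System.out.println(n + " -> rejected: " + e.getMessage()); }
        }
    }
}
```

The check runs on the name that will actually be written to disk, after the directory part is stripped and the path is normalized, so it applies to the final destination rather than to the raw request value.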
The environment can be built and run using Docker. Follow these steps to set up the application:
```bash
# Fetch the reproduction environment
git clone https://github.com/c4oocO/CVE-2024-53677-Docker.git
cd CVE-2024-53677-Docker

# Build the image (Docker image names must be lowercase, so the tag is cve-2024-53677)
docker build --ulimit nofile=122880:122880 -m 3G -t cve-2024-53677 .

# Run the container in the foreground, publishing the application on port 8080
docker run -p 8080:8080 --ulimit nofile=122880:122880 -m 3G --rm -it --name CVE-2024-53677 cve-2024-53677

# From a second terminal, confirm that the upload action responds
curl http://localhost:8080/upload.action
```