Embed Notice

HTML Code

<blockquote style="position: relative; padding-left: 55px;"><section><a href="https://cyberplace.social/users/GossiTheDog/statuses/113674994182944746">Kevin Beaumont (gossithedog@cyberplace.social)'s status on Thursday, 19-Dec-2024 02:26:15 JST</a><a href="https://cyberplace.social/@GossiTheDog" title="gossithedog@cyberplace.social"><img src="https://gnusocial.jp/avatar/38360-48-20250225114715.webp" width="48" height="48" alt="Kevin Beaumont" style="position: absolute; left: 0; top: 0;">Kevin Beaumont</a><div><a href="https://cyberplace.social/@GossiTheDog/113670860069480829" rel="in-reply-to">in reply to</a></div></section><article><p>On CVE-2024-53677 (Struts vuln), it's following a very similar path to the Struts 2 vuln last year:</p><p>- Media are reporting it is being exploited in the wild.  It isn't.  People are spraying and praying - the exploit payloads don't work.</p><p>- People are posting a PoC for it.  The PoC doesn't work.  You'd have to make a vulnerable webapp, and then tailor the PoC to it.</p><p>Not to downplay it, just keep calm and patch.  You may have noticed the internet didn't melt last time.</p></article><footer><a rel="bookmark" href="https://gnusocial.jp/conversation/2601140#notice-8230873">In conversation</a><time datetime="2024-12-19T02:26:15+09:00" title="Thursday, 19-Dec-2024 02:26:15 JST">about 3 months ago</time> <span>from <span><a href="https://cyberplace.social/@GossiTheDog/113674994182944746" rel="external" title="Sent from cyberplace.social via ActivityPub">cyberplace.social</a></span></span><a href="https://cyberplace.social/@GossiTheDog/113674994182944746">permalink</a><h4>Attachments</h4><ol><li><label><a rel="external" href="https://gnusocial.jp/attachment/3726326">Untitled attachment</a></label><br><video poster="" controls="controls"><source src="https://cyberplace.social/system/media_attachments/files/113/674/988/840/206/930/original/2bd2c3a76e462261.mp4" type="video/mp4"></source></video></li></ol></footer></blockquote>

Corresponding Notice

Embed this notice
Kevin Beaumont (gossithedog@cyberplace.social)'s status on Thursday, 19-Dec-2024 02:26:15 JST Kevin Beaumont
in reply to
On CVE-2024-53677 (Struts vuln), it's following a very similar path to the Struts 2 vuln last year:
- Media are reporting it is being exploited in the wild. It isn't. People are spraying and praying - the exploit payloads don't work.
- People are posting a PoC for it. The PoC doesn't work. You'd have to make a vulnerable webapp, and then tailor the PoC to it.
Not to downplay it, just keep calm and patch. You may have noticed the internet didn't melt last time.
In conversationabout 3 months ago from cyberplace.socialpermalink
Attachments
1. Untitled attachment

Public

Embed Notice

HTML Code

Corresponding Notice