New: Aug. 22, 2018
There is a critical vulnerability in the Apache Struts component. Struts is used as a development framework for the web presentation layer in many applications. A successful exploit allows remote code execution over the network without authentication.
Recommendations:
- Take inventory of applications that may have Struts 2 integrated, and check for patches or upgrades for those products.
- Upgrade internal development products/services using Struts 2 software immediately.
Update Locations:
Struts v-2.3: https://cwiki.apache.org/confluence/display/WW/Version+Notes+2.3.35
Struts v-2.5: https://cwiki.apache.org/confluence/display/WW/Version+Notes+2.5.17
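One way to start the inventory recommended above, as an added example that is not part of the original advisory: a Python script that finds struts2-core jars on disk or bundled inside WAR/EAR/JAR archives and compares each version with the fixed releases listed above. It assumes the jar keeps its standard struts2-core-<version>.jar file name, so renamed or repackaged copies will not be found.

```python
import re
import sys
import zipfile
from pathlib import Path

# Fixed releases from the update locations above, keyed by release line.
FIXED = {(2, 3): (2, 3, 35), (2, 5): (2, 5, 17)}
# struts2-core-<version>.jar is the Struts 2 core artifact; match on file name.
JAR_RE = re.compile(r"struts2-core-(\d+(?:\.\d+)*)[^/\\]*\.jar$", re.I)
ARCHIVES = {".war", ".ear", ".jar"}

def classify(name):
    """Return (version, status) for a struts2-core jar name, else None."""
    m = JAR_RE.search(name)
    if not m:
        return None
    version = tuple(int(p) for p in m.group(1).split("."))
    version += (0,) * (3 - len(version))  # "2.5" compares as 2.5.0
    fixed = FIXED.get(version[:2])
    if fixed is None:
        status = "review"  # release line not listed above: check by hand
    else:
        status = "ok" if version >= fixed else "upgrade"
    return ".".join(map(str, version)), status

def scan(root):
    """List struts2-core jars under root, on disk or inside WAR/EAR/JAR files."""
    findings = []
    for path in sorted(p for p in Path(root).rglob("*") if p.is_file()):
        hit = classify(path.name)
        if hit:
            findings.append((str(path), *hit))
        elif path.suffix.lower() in ARCHIVES:
            try:
                with zipfile.ZipFile(path) as zf:
                    entries = zf.namelist()
            except (zipfile.BadZipFile, OSError):
                continue  # unreadable archive: skip, keep the inventory going
            for entry in entries:  # one level deep; nested archives not opened
                hit = classify(entry)
                if hit:
                    findings.append((f"{path}!{entry}", *hit))
    return findings

if __name__ == "__main__":
    for location, version, status in scan(sys.argv[1] if len(sys.argv) > 1 else "."):
        print(f"{status:8} {version:10} {location}")
```

Run it with the application or deployment directory as the only argument; entries marked `upgrade` are older than the fixed release for their line, and `review` marks release lines the advisory does not list.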
References: