New: Aug. 22, 2018

There is a critical vulnerability in the Apache Struts component. Struts is used as a development framework for the web presentation layer service in many applications. The vulnerability allows for remote code execution on a successful exploit over the network via unauthenticated access.


  1. Take inventory of applications that may have Struts 2 integrated, check for patches upgrades for those products.
  2. Upgrade internal development products/services using Struts 2 software immediately.

Update Locations:

Struts v-2.3:

Struts v-2.5: