Apache Struts bug is under attack, patch now

Apache Software Foundation has patched a remote code execution vulnerability affecting the Jakarta Multipart parser in Apache Struts. Administrators need to update the popular Java application framework or put workarounds in place because the vulnerability is actively being targeted in attacks.

The issue affects Apache Struts versions 2.3.5 through 2.3.31 and versions 2.5 through 2.5.10. The presence of vulnerable code is enough to expose the system to attack—the web application doesn’t need to implement file upload for attackers to exploit the flaw, said researchers from Cisco Talos.

To read this article in full or to leave a comment, please click here

Source: Infoworld.com | Security

Leave a Reply

Your email address will not be published. Required fields are marked *