Attackers are widely exploiting a recently patched vulnerability in Apache Struts that allows them to remotely execute malicious code on web servers.
Apache Struts is an open-source web development framework for Java web applications. It’s widely used to build corporate websites in sectors including education, government, financial services, retail and media.
On Monday, the Apache Struts developers fixed a high-impact vulnerability in the framework’s Jakarta Multipart parser. Hours later, an exploit for the flaw appeared on Chinese-language websites, which was almost immediately followed by real-world attacks, according to researchers from Cisco Systems.
Source: Computerworld.com | Security