All versions of Struts since 2008 affected – upgrade now
By John Leyden 5 Sep 2017Malicious code can be push into servers running Apache Struts 2 apps, allowing scumbags to run malware within corporate networks.
The critical security vulnerability was discovered by researchers at Semmle, who today went public with their find. Apache Struts is a popular open-source framework for developing applications in Java.
All versions of Struts since 2008 are affected and all web applications using the framework’s popular ?REST plugin are? ?vulnerable – exposing organizations and projects to hacker hijackings. Developers are advised to patch Apache Struts to version 2.5.13, which was released today.
Full Article.