Apache Struts Zero Day and Mitigation
Thanks to Gebhard for letting us know about a new vulnerability in Apache Struts.
If you recall the classloader vulnerability of few months ago, the fix for that seems to be case and punctuation sensitive (using [] instead of "." was not accounted for)
In any case, they have posted a mitigation how-to here: http://struts.apache.org/announce.html#a20140424
This affects all versions up to 2.3.16.1
Find more information on this here:
http://www.pwntester.com/blog/2014/04/24/struts2-0day-in-the-wild/
================
Rob VandenBrink
Metafore
Keywords: Struts
0 comment(s)
×
Diary Archives
Comments