Last Updated: 2014-04-24 18:28:53 UTC
by Rob VandenBrink (Version: 1)
Thanks to Gebhard for letting us know about a new vulnerability in Apache Struts.
If you recall the classloader vulnerability of few months ago, the fix for that seems to be case and punctuation sensitive (using  instead of "." was not accounted for)
In any case, they have posted a mitigation how-to here: http://struts.apache.org/announce.html#a20140424
This affects all versions up to 220.127.116.11
Find more information on this here: