Threat Level: green Handler on Duty: Didier Stevens

SANS ISC: InfoSec Handlers Diary Blog - SANS Internet Storm Center InfoSec Handlers Diary Blog

Sign Up for Free!   Forgot Password?
Log In or Sign Up for Free!

Apache Struts Zero Day and Mitigation

Published: 2014-04-24
Last Updated: 2014-04-24 18:28:53 UTC
by Rob VandenBrink (Version: 1)
0 comment(s)

Thanks to Gebhard for letting us know about a new vulnerability in Apache Struts.

If you recall the classloader vulnerability of few months ago, the fix for that seems to be case and punctuation sensitive (using [] instead of "."  was not accounted for)

In any case, they have posted a mitigation how-to here:

This affects all versions up to

Find more information on this here:

Rob VandenBrink


Keywords: Struts
0 comment(s)
Diary Archives