Thanks to Gebhard for letting us know about a new vulnerability in Apache Struts. If you recall the classloader vulnerability of few months ago, the fix for that seems to be case and punctuation sensitive (using [] instead of "." was not accounted for) In any case, they have posted a mitigation how-to here: http://struts.apache.org/announce.html#a20140424 This affects all versions up to 2.3.16.1 Find more information on this here: ================
|
Rob VandenBrink 556 Posts ISC Handler Apr 24th 2014 |
Thread locked Subscribe |
Apr 24th 2014 6 years ago |
Sign Up for Free or Log In to start participating in the conversation!