Yesterday saw CVE-2017-9805, today we have a new remote code execution vulnerability in Apache Struts 2 which is CVE-2017-12611. Yesterdays was in the REST API and related to Java XML unsafe deserializarion. Todays relates to using Freemarker in your application. Both should encourage you to patch. Current versions are Struts 2.3.34 and Struts 2.5.13. Cheers, |
Adrien de Beaupre 353 Posts ISC Handler Sep 8th 2017 |
Thread locked Subscribe |
Sep 8th 2017 4 years ago |
Sign Up for Free or Log In to start participating in the conversation!