[ANN] Apache Struts 2: possible RCE in the Struts Showcase app in the Struts 1 plugin example in the Struts 2.3.x series

Lukasz Lenart
A potential security vulnerability was reported in the Struts 1 plugin
used in the Struts 2.3.x series. It is possible to perform a Remote
Code Execution attack if a given construction exists in the vulnerable
application. Please read the security bulletin for more details and
inspect your application.

- S2-048 Possible RCE in the Struts Showcase app in the Struts 1
plugin example in Struts 2.3.x series

http://struts.apache.org/docs/s2-048.html
http://struts.apache.org/announce.html#a20170707

NOTE: Please notice that this vulnerability does not affect
applications using Struts 2.5.x series or applications that do not use
the Struts 1 plugin. Even if the plugin is available but a certain code
construction is not present, your application is safe.


On behalf of the Apache Struts project

Kind regards
--
Łukasz
+ 48 606 323 122 http://www.lenart.org.pl/
