Severe Security Vulnerability - Apache Struts

Vendor

Apache Struts

Description

Security researchers at lgtm.com have discovered a critical remote code execution vulnerability in Apache Struts — a popular open-source framework for developing web applications in the Java programming language. All versions of Struts since 2008 are affected; all web applications using the framework’s popular REST plugin are vulnerable. Users are advised to upgrade their Apache Struts components as a matter of urgency. This vulnerability has been addressed in Struts version 2.5.13.
 
Affected developers are urged to upgrade to Apache Struts version 2.5.13.
 
The flaw was reported to Apache Struts developers in July, with a patched version of the framework released today.

 
Recommendation

Upgrade Immediately
 

Apache Struts version 2.5.13 https://struts.apache.org/announce.html#a20170905
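To find deployments that still need this upgrade, the following added example (not part of the original advisory or of Apache Struts) walks a directory tree and lists REST plugin jars older than 2.5.13, including jars packed inside .war/.ear archives. It assumes the plugin keeps its Maven artifact file name, struts2-rest-plugin-<version>.jar; the function names and the sample tree are constructed for illustration.

```python
import re
import sys
import tempfile
import zipfile
from pathlib import Path

FIXED = (2, 5, 13)  # fixed release named in this advisory
# Assumption: the jar keeps its Maven artifact name, struts2-rest-plugin-<version>.jar
JAR_RE = re.compile(r"struts2-rest-plugin-(\d+(?:\.\d+)*)[^/]*\.jar$")

def needs_upgrade(version_text):
    """True when a dotted version such as '2.3.16.1' sorts below FIXED."""
    version = tuple(int(part) for part in version_text.split("."))
    version += (0,) * (len(FIXED) - len(version))  # treat '2.5' as 2.5.0
    return version < FIXED

def candidates(root):
    """Yield (location, jar name) for loose jars and for entries of .war/.ear files."""
    for path in Path(root).rglob("*"):
        if path.suffix == ".jar":
            yield str(path), path.name
        elif path.suffix in (".war", ".ear") and zipfile.is_zipfile(path):
            with zipfile.ZipFile(path) as archive:
                for entry in archive.namelist():
                    yield f"{path}!{entry}", entry

def scan(root):
    """Return sorted (location, version) pairs for REST plugin jars older than FIXED."""
    found = ((loc, JAR_RE.search(name)) for loc, name in candidates(root))
    return sorted((loc, m.group(1)) for loc, m in found if m and needs_upgrade(m.group(1)))

def demo():
    """Scan a constructed deployment tree; returns the outdated versions found."""
    with tempfile.TemporaryDirectory() as tmp:
        for app, jar in [("app1", "struts2-rest-plugin-2.5.10.1.jar"),
                         ("app1", "struts2-core-2.5.10.1.jar"),  # not the plugin
                         ("app2", "struts2-rest-plugin-2.5.13.jar")]:  # already fixed
            lib = Path(tmp, app, "WEB-INF", "lib")
            lib.mkdir(parents=True, exist_ok=True)
            (lib / jar).touch()
        with zipfile.ZipFile(Path(tmp, "legacy.war"), "w") as war:
            war.writestr("WEB-INF/lib/struts2-rest-plugin-2.3.32.jar", b"")
        return sorted(version for _, version in scan(tmp))

if __name__ == "__main__":
    for location, version in scan(sys.argv[1]) if len(sys.argv) > 1 else []:
        print(f"{version}\t{location}")
```

The check relies on file names only, so a renamed or repackaged copy of the plugin will not be listed.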

Technical

https://lgtm.com/blog/apache_struts_CVE-2017-9805_announcement

Additional Resources

https://threatpost.com/patch-released-for-critical-apache-struts-bug/127809/

https://qz.com/1069960/researchers-just-discovered-a-bug-that-has-made-the-apache-struts-framework-vulnerable-to-simple-hacks-since-2008/

https://www.itnews.com.au/news/critical-apache-struts-vulnerability-menaces-enterprises-472645

http://www.zdnet.com/article/critical-security-bug-threatens-fortune-100-companies/?loc=newsletter_large_thumb_related&ftag=TREc64629f&bhid=24735745556402991340377214973076

About Dragonfly

Dragonfly Technologies - Secure Solutions, Simplified
Whether it's infrastructure, data or application security, Dragonfly has the technical expertise to assist you in protecting your organisation's most critical assets.

We protect Australia's most security conscious organisations. 

For immediate assistance, contact our team on 1300 663 220 or online