Tag: Struts 2
-
New Critical RCE Vulnerability Discovered in Apache Struts 2 – Patch Now
Apache has released a security advisory warning of a critical security flaw in the Struts 2 open-source web application framework that …
-
Apache Releases Security Advisory for Struts 2
The Apache Software Foundation has released a security advisory to address vulnerabilities in Struts in the version range 2.0.0 – 2.5.20. …
-
Apache Struts users have to update FileUpload library to fix years-old flaws
Apache Struts users have to update the Commons FileUpload library in Struts 2 that is affected by two vulnerabilities. Apache Struts …
-
Apache warns Struts 2.3 is using a library with a two year old critical flaw
The Apache Software Foundation is warning organizations using certain versions of Struts 2 to update a library called “Commons …
-
Deja Vu All Over Again? Another New Apache Struts Vulnerability (CVE-2018-11776)
Another remote code execution vulnerability in Apache’s Struts2 Framework was disclosed late yesterday (August 22nd) – leaving many feeling …
-
Oracle corrals and patches Struts 2 vulnerabilities
Oracle has stepped outside its usual quarterly security fix cycle to address the latest Apache Struts 2 vulnerability. Ever since it emerged at the start of September, CVE-2017-9805 has been (in the words of a former Australian prime minister) “a shiver looking for a spine to crawl up”, because so many vendors use Apache to…
-
Ghost in the Machine: Vulnerability Patching
It’s called a “ghost in the machine.” A vital, but hidden, process that makes all complex outcomes seem easy and simple. Read full news article on Dzone
-
Struts2 Breach at Equifax Was 100% Preventable With Automated Tech.
The breach at Equifax is a siren call. It’s time for organizations to approach the problem of managing open source software by using automated technology, not manual processes.…
-
Security Processes at the Apache Software Foundation [Video/Podcast]
In our continuing series on the Struts2 vulnerability announcement and the breach at Equifax, we spoke with Mark Thomas, Director, Apache Software Foundation, and Brian Fox, CTO, Sonatype to clarify the processes ASF goes through when a vulnerability is found within one of their projects. If you don’t have access to YouTube, you can listen…