Blog | G5 Cyber Security

Apache Struts 2 Under Zero-Day Attack, Update Now

Apache Struts 2 installations are being targeted – and hacked in large numbers – by attackers who are exploiting a zero-day flaw in the platform to remotely execute code. The remote-code execution vulnerability in Struts that’s being actively exploited – CVE-2017-5638 – exists in the Jakarta Multipart parser, which is used for uploading files. Apache says the latest versions of the Java Enterprise Edition version of Struts fix the flaw. Security experts say other workarounds could also be put in place via Web application firewalls and intrusion detection systems.”]

Source: https://www.inforisktoday.com/apache-struts-2-under-zero-day-attack-update-now-a-9761

Exit mobile version