Security Update:Apache Released HIGH Security Update for Apache Struts
Date and Time
Apache Strut Users
The Apache Software Foundation has released security updates to address a HIGH vulnerability in Struts 2.
Advanced Users: For a complete description of the security enhancements, software enhancements and affected software refer to Apache Security Bulletin S2-045 at https://cwiki.apache.org/confluence/display/WW/S2-045.
- Struts 2.3.5 - Struts 2.3.31
- Struts 2.5 - Struts 2.5.10
WHAT’S THE PROBLEM?
Exploitation of one of these vulnerabilities could allow an attacker to control of an affected system.
HOW DO I PROTECT MY WEB SITE?
- Users and administrators are encouraged to review the Apache Security Bulletin S2-045 at https://cwiki.apache.org/confluence/display/WW/S2-045
- Upgrade to Struts 2.3.32 or Struts 220.127.116.11
- IT Security - https://it.ucsf.edu/security