it.ucsf.edu

Security Update:Security Update: The Apache Software Foundation has released security updates to address a Critical vulnerability in Struts 2

Status Type

Security Update

Date and Time

Thursday, September 7, 2017 - 08:29

Reason

Security Update

Impact

Apache users

WHAT HAPPENED?

The Apache Software Foundation has released security updates to address a Critical vulnerability in Struts 2.

 

Advanced Users: For a complete description of the security enhancements, software enhancements and affected software refer to Apache Security Bulletin S2-045 at https://cwiki.apache.org/confluence/display/WW/S2-052.

 

AFFECTED SYSTEMS:

  • Struts 2.1.2 - Struts 2.3.33
  • Struts 2.5 - Struts 2.5.12

 

WHAT’S THE PROBLEM?

Exploitation of one of these vulnerabilities could allow an attacker to control of an affected system.

 

HOW DO I PROTECT MY WEB SITE?

  • Upgrade to Struts 2.5.13 or Struts 2.3.34

 

RELATED LINKS