Security Update:Security Update: The Apache Software Foundation has released security updates to address a Critical vulnerability in Struts 2
Date and Time
The Apache Software Foundation has released security updates to address a Critical vulnerability in Struts 2.
Advanced Users: For a complete description of the security enhancements, software enhancements and affected software refer to Apache Security Bulletin S2-045 at https://cwiki.apache.org/confluence/display/WW/S2-052.
- Struts 2.1.2 - Struts 2.3.33
- Struts 2.5 - Struts 2.5.12
WHAT’S THE PROBLEM?
Exploitation of one of these vulnerabilities could allow an attacker to control of an affected system.
HOW DO I PROTECT MY WEB SITE?
- Users and administrators are encouraged to review the Apache Security Bulletin S2-052 at https://cwiki.apache.org/confluence/display/WW/S2-052
- Upgrade to Struts 2.5.13 or Struts 2.3.34
- IT Security - https://it.ucsf.edu/security