Apache Struts is an open-source framework for developing Java web applications. It’s also very popular and is used by many large organizations. Recently, a researcher found a serious vulnerability in Apache Struts that affects all the latest versions. Watch the video below for a quick summary, and if you use Struts, be sure to download, test, and apply the proper update immediately.
Episode Runtime: 1:23
Direct YouTube Link: https://www.youtube.com/watch?v=HddyTQkf1k0
- Evil code injection vulnerability in Apache Struts – The Register
- High-level advisory on Apache Struts vulnerability – LGTM.com
- Researcher’s detailed post on the Apache Struts flaw – LGTM.com