Remember the Equifax breach? That breach was caused by a remote code execution (RCE) vulnerability in Apache Struts that had been disclosed just beforehand. Guess what! There’s another one.
In today’s video, I warn you about a newly disclosed RCE vulnerability in Apache Struts, which was discovered by a security researcher from Semmle. If you use Apache Struts, you’re going to want to patch production servers as soon as you can, especially if you enable the settings or attributes that make this vulnerability possible. Watch the video below for a quick summary of the issue, and check the researcher’s post below for full details.
Episode Runtime: 1:48
Direct YouTube Link: https://www.youtube.com/watch?v=TVhsuUEeVIM
- Semmle security researcher discovers critical Apache Struts vulnerability – Semmle
- Apache’s confluence page on this vulnerability – Apache