Welcome to WebmasterWorld Guest from 54.242.115.55

Forum Moderators: Ocean10000 & phranque

Message Too Old, No Replies

Apache Struts: Possible Remote Code Execution

     
6:00 pm on Mar 20, 2017 (gmt 0)

Administrator from GB 

WebmasterWorld Administrator engine is a WebmasterWorld Top Contributor of All Time 10+ Year Member Top Contributors Of The Month

joined:May 9, 2000
posts:25915
votes: 881


Time to update to Apache Struts V 2.3.32 or 2.5.10.1 to avoid a remote code execution attack.

Solution

If you are using Jakarta based file upload Multipart parser, upgrade to Apache Struts version 2.3.32 or 2.5.10.1. You can also switch to a different implementation of the Multipart parser. Apache Struts: Possible Remote Code Execution [cwiki.apache.org]
11:36 pm on Mar 29, 2017 (gmt 0)

Administrator

WebmasterWorld Administrator phranque is a WebmasterWorld Top Contributor of All Time 10+ Year Member Top Contributors Of The Month

joined:Aug 10, 2004
posts:11613
votes: 195


discussion of a specific site's solutions/workarounds in this thread in the Apache Web Server forum:
latest Apache struts security issue [webmasterworld.com]