Apache Struts Framework Vulnerability

A severe vulnerability has been detected in the Apache Struts 2 framework. The vulnerability allows full remote code execution and is being actively exploited in the wild.

 

Severity

Critical

CVE Number

CVE-2017-9805

Impacted Platforms

  • Apache Struts 2, versions released since 2008 [Struts 2.1.2 – Struts 2.3.33 and Struts 2.5 – Struts 2.5.12]

Recommended actions

 

More information

https://lgtm.com/blog/apache_struts_CVE-2017-9805

https://struts.apache.org/docs/s2-052.html

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-9805

http://www.theregister.co.uk/2017/09/05/apache_struts_vuln/