A severe vulnerability has been detected in the Apache Struts 2 framework and is being actively exploited in the wild. On vulnerable platforms, malicious code can be executed remotely on the server, potentially disabling server-based firewalls and deploying other types of malware and code.
- Apache Struts 2.3.5 through 2.3.31
- Apache Struts 2.5 through 2.5.10
- Please patch as soon as possible
- For self-diagnosis, please complete the script below:
- Contact email@example.com about performing a credentialed Nessus scan
- Regularly check Apache Struts Security Bulletins (https://cwiki.apache.org/confluence/display/WW/Security+Bulletins)
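
One way to inventory a server against the version ranges listed above, as an added example (not the advisory's own script). It assumes the library is deployed under its usual Maven artifact name, `struts2-core-<version>.jar`; the function names are illustrative.

```python
import re
import sys
from pathlib import Path

# Affected ranges exactly as listed in this advisory (inclusive on both ends),
# padded to four components so that a release such as 2.3.20.1 compares correctly.
AFFECTED = [((2, 3, 5, 0), (2, 3, 31, 0)), ((2, 5, 0, 0), (2, 5, 10, 0))]

# Assumption: jars keep the standard name struts2-core-<version>.jar
# (for example under WEB-INF/lib). Renamed or repackaged copies are not matched.
JAR_RE = re.compile(r"^struts2-core-(\d+(?:\.\d+){1,3})\.jar$")


def parse_version(text):
    """Turn '2.3.31' or '2.5' into a 4-tuple of ints, padding with zeros."""
    parts = [int(p) for p in text.split(".")][:4]
    return tuple(parts + [0] * (4 - len(parts)))


def is_affected(version_text):
    """True if the version falls inside one of the advisory's ranges."""
    v = parse_version(version_text)
    return any(low <= v <= high for low, high in AFFECTED)


def scan(root):
    """Return sorted (path, version, affected) for each struts2-core jar under root."""
    findings = []
    for jar in Path(root).rglob("struts2-core-*.jar"):
        m = JAR_RE.match(jar.name)
        if m:
            findings.append((str(jar), m.group(1), is_affected(m.group(1))))
    return sorted(findings)


if __name__ == "__main__":
    # Usage: python check_struts.py /path/to/webapps
    root = sys.argv[1] if len(sys.argv) > 1 else "."
    hits = scan(root)
    for path, version, affected in hits:
        print(f"{'AFFECTED' if affected else 'ok':8}  {version:10}  {path}")
    # Non-zero exit status when any affected jar is found, for use in cron or CI.
    sys.exit(1 if any(a for _, _, a in hits) else 0)
```

The check reads the version from the file name only, so a jar that was renamed or bundled inside another archive is missed; an empty result is not proof that a host is unaffected.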