www-announce mailing list archives

From Lukasz Lenart <lukaszlen...@apache.org>
Subject [ANN] Two security vulnerabilities reported
Date Wed, 01 Jun 2016 10:25:25 GMT
Two potential security vulnerabilities were reported which were
already addressed in the latest Apache Struts 2 versions. Those
reports just added other vectors of attack.
http://struts.apache.org/announce.html#a20160601

- S2-033 Remote Code Execution can be performed when using REST Plugin
with ! operator when Dynamic Method Invocation is enabled -
http://struts.apache.org/docs/s2-033.html

- S2-034 OGNL cache poisoning can lead to DoS vulnerability -
http://struts.apache.org/docs/s2-034.html

Please read the Security Bulletins carefully and take the suggested
actions. The simplest way to avoid those vulnerabilities in your
application is to upgrade Apache Struts to the latest available
version in the 2.3.x series or to Apache Struts 2.5.

You can download those versions from our download page.
http://struts.apache.org/download.html#struts-ga


Kind regards
-- 
Łukasz
+ 48 606 323 122 http://www.lenart.org.pl/
